Windows Analysis Report
UpdaterTool.exe

Overview

General Information

Sample name: UpdaterTool.exe
Analysis ID: 1584834
MD5: 09cb59f6bbd3558b6698d029c1daccec
SHA1: 37a081e1a56b7b3d7982b299fe91fa8635163369
SHA256: b88638ea23c4629fc7a28953b14ffabcf9b8fa302b552930512629c2c8a5be1a
Tags: exe, user-aachum

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
AI detected suspicious URL
AI detected suspicious sample
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • UpdaterTool.exe (PID: 7432 cmdline: "C:\Users\user\Desktop\UpdaterTool.exe" MD5: 09CB59F6BBD3558B6698D029C1DACCEC)
    • UpdaterTool.exe (PID: 7456 cmdline: "C:\Users\user\Desktop\UpdaterTool.exe" MD5: 09CB59F6BBD3558B6698D029C1DACCEC)
      • cmd.exe (PID: 7508 cmdline: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7556 cmdline: schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • chrome.exe (PID: 3624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://alert-metamask.info/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,3885513550755460943,12905883307123306454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • UpdaterTool.exe (PID: 7604 cmdline: C:\Users\user\Desktop\UpdaterTool.exe MD5: 09CB59F6BBD3558B6698D029C1DACCEC)
    • UpdaterTool.exe (PID: 7624 cmdline: C:\Users\user\Desktop\UpdaterTool.exe MD5: 09CB59F6BBD3558B6698D029C1DACCEC)
      • cmd.exe (PID: 7664 cmdline: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 7716 cmdline: schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Jonathan Cheong, oscd.community, Data: Command: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST", CommandLine: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\UpdaterTool.exe", ParentImage: C:\Users\user\Desktop\UpdaterTool.exe, ParentProcessId: 7456, ParentProcessName: UpdaterTool.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST", ProcessId: 7508, ProcessName: cmd.exe
No Suricata rule has matched

AV Detection

Source: http://alert-metamask.info/, Avira URL Cloud: Label: malware
Source: http://alert-metamask.info/583, Avira URL Cloud: Label: malware
Source: http://alert-metamask.info//-, Avira URL Cloud: Label: malware
Source: http://alert-metamask.info//c=I, Avira URL Cloud: Label: malware
Source: http://alert-metamask.info/w/, Avira URL Cloud: Label: malware
Source: UpdaterTool.exe, ReversingLabs: Detection: 15%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,1_2_00007FFDFAC81393
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACF3480 CRYPTO_free,CRYPTO_strndup,1_2_00007FFDFACF3480
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC91620 CRYPTO_free,CRYPTO_strndup,1_2_00007FFDFAC91620
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8F650 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,1_2_00007FFDFAC8F650
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACF3650 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,1_2_00007FFDFACF3650
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC82379 CRYPTO_free,1_2_00007FFDFAC82379
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81181 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC81181
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,1_2_00007FFDFAC8110E
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC82469 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFAC82469
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC821E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,1_2_00007FFDFAC821E9
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACD7570 CRYPTO_realloc,1_2_00007FFDFACD7570
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC820F4 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC820F4
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC84B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFAC84B30
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81460 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,1_2_00007FFDFAC81460
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC96B20 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,1_2_00007FFDFAC96B20
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC9EB48 CRYPTO_free,1_2_00007FFDFAC9EB48
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACAEB10 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFDFACAEB10
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8114F CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFDFAC8114F
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACE4C40 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,1_2_00007FFDFACE4C40
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFAC81AB4
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACCEC10 CRYPTO_free,1_2_00007FFDFACCEC10
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC84C00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFAC84C00
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFAC81A0F
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC94930 CRYPTO_get_ex_new_index,1_2_00007FFDFAC94930
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACCE920 CRYPTO_free,1_2_00007FFDFACCE920
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81EE2 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFAC81EE2
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACFA8F0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,1_2_00007FFDFACFA8F0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACEC8E0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFACEC8E0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,1_2_00007FFDFAC8139D
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC826B2 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,1_2_00007FFDFAC826B2
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACCE8C0 CRYPTO_free,1_2_00007FFDFACCE8C0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACF8870 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFACF8870
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACE4860 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,1_2_00007FFDFACE4860
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC81492
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACC2A50 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,1_2_00007FFDFACC2A50
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81A05 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,1_2_00007FFDFAC81A05
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACD89F0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFACD89F0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC824EB CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFAC824EB
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,1_2_00007FFDFAC81893
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8204F CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFAC8204F
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC817DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFAC817DF
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC82185 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,1_2_00007FFDFAC82185
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC94990 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC94990
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACF2EE0 CRYPTO_memcmp,1_2_00007FFDFACF2EE0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8CEA0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,1_2_00007FFDFAC8CEA0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC817E9 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFDFAC817E9
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8236A CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC8236A
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,1_2_00007FFDFAC8117C
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACC8E90 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFACC8E90
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC82117 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,1_2_00007FFDFAC82117
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC820E5 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFAC820E5
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC84FD0 CRYPTO_free,1_2_00007FFDFAC84FD0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC82144 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFAC82144
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFAC8136B
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC9CD30 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC9CD30
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFAC81CBC
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACC8D40 OPENSSL_cleanse,CRYPTO_free,1_2_00007FFDFACC8D40
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8257C ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,1_2_00007FFDFAC8257C
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACD8CA0 CRYPTO_free,CRYPTO_strndup,1_2_00007FFDFACD8CA0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACCEC70 CRYPTO_free,1_2_00007FFDFACCEC70
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC822D9 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,1_2_00007FFDFAC822D9
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACC8C80 CRYPTO_free,1_2_00007FFDFACC8C80
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81811 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFDFAC81811
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC9EDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,1_2_00007FFDFAC9EDC1
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFDFAC81B54
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81771 CRYPTO_free,1_2_00007FFDFAC81771
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC9EDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,1_2_00007FFDFAC9EDC1
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8222F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFDFAC8222F
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACE0330 CRYPTO_free,CRYPTO_strndup,1_2_00007FFDFACE0330
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFAC81B31
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC84300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFDFAC84300
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC9E427 CRYPTO_THREAD_write_lock,1_2_00007FFDFAC9E427
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFDFAC8198D
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACA2410 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,1_2_00007FFDFACA2410
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC823DD EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFDFAC823DD
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81D93 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFDFAC81D93
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACEA3D0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFACEA3D0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACE43C0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,1_2_00007FFDFACE43C0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC92360 CRYPTO_THREAD_run_once,1_2_00007FFDFAC92360
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACD8390 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFACD8390
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC819DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,1_2_00007FFDFAC819DD
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC81361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,1_2_00007FFDFAC81361
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC84100 CRYPTO_free,1_2_00007FFDFAC84100
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC8E0AD ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,1_2_00007FFDFAC8E0AD
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACA20A0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,1_2_00007FFDFACA20A0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACE00A0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFACE00A0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFACD80C0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFDFACD80C0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC82527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFDFAC82527
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFAC9C080 CRYPTO_free,CRYPTO_memdup,1_2_00007FFDFAC9C080
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA01582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,6_2_00007FFDFBA01582
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA0155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,6_2_00007FFDFBA0155A
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA01483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,6_2_00007FFDFBA01483
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA019E7 CRYPTO_free,6_2_00007FFDFBA019E7
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA25B90 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,6_2_00007FFDFBA25B90
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA7BB70 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,6_2_00007FFDFBA7BB70
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA15BB0 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,6_2_00007FFDFBA15BB0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA2DBA0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,6_2_00007FFDFBA2DBA0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA61B9F CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,6_2_00007FFDFBA61B9F
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA4FB00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,6_2_00007FFDFBA4FB00
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA2FAF0 CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,6_2_00007FFDFBA2FAF0
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA17A60 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,6_2_00007FFDFBA17A60
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA63A60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,6_2_00007FFDFBA63A60
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA49A60 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,6_2_00007FFDFBA49A60
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA43A00 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,6_2_00007FFDFBA43A00
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA01A15 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,6_2_00007FFDFBA01A15
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA01A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,6_2_00007FFDFBA01A41
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA6BA20 CRYPTO_free,CRYPTO_free,CRYPTO_free,6_2_00007FFDFBA6BA20
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA0105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,6_2_00007FFDFBA0105F
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA4D980 RAND_bytes_ex,CRYPTO_malloc,memset,6_2_00007FFDFBA4D980
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA51970 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,6_2_00007FFDFBA51970
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA011DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,6_2_00007FFDFBA011DB
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA0F910 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,6_2_00007FFDFBA0F910
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA7B900 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,6_2_00007FFDFBA7B900
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA01654 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,ERR_new,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,6_2_00007FFDFBA01654
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA01E6A ERR_new,ERR_set_debug,CRYPTO_clear_free,6_2_00007FFDFBA01E6A
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 6_2_00007FFDFBA0589C BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,6_2_00007FFDFBA0589C

Phishing

Source: URL, Joe Sandbox AI: AI detected brand spoofing attempt in URL: https://alert-metamask.info
Source: URL, Joe Sandbox AI: AI detected typosquatting in URL: https://alert-metamask.info
Source: UpdaterTool.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2951840830.00007FFE01377000.00000002.00000001.01000000.00000014.sdmp, UpdaterTool.exe, 00000005.00000003.1775596108.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2950278609.00007FFDFB9F7000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: UpdaterTool.exe, 00000001.00000002.2949319095.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000006.00000002.2947899878.00007FFDF9D2A000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\_win32sysloader.pdb source: UpdaterTool.exe, 00000000.00000003.1698853743.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1775851430.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cryptography_rust.pdbc source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: UpdaterTool.exe, 00000001.00000002.2948418571.00007FFDFAD05000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: UpdaterTool.exe, 00000001.00000002.2952622584.00007FFE0E171000.00000002.00000001.01000000.00000018.sdmp, UpdaterTool.exe, 00000006.00000002.2951237378.00007FFDFF6B1000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953956063.00007FFE11BB4000.00000002.00000001.01000000.00000015.sdmp, UpdaterTool.exe, 00000005.00000003.1764918641.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952681947.00007FFE08ED4000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb}},GCTL source: UpdaterTool.exe, 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32trace.pdb source: UpdaterTool.exe, 00000000.00000003.1699093300.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1776131249.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: UpdaterTool.exe, 00000000.00000003.1687683597.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954670837.00007FFE126F4000.00000002.00000001.01000000.00000005.sdmp, UpdaterTool.exe, 00000005.00000003.1763260702.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953613558.00007FFE101E4000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: UpdaterTool.exe, 00000001.00000002.2949319095.00007FFDFB102000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000006.00000002.2947899878.00007FFDF9C92000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: UpdaterTool.exe, 00000000.00000003.1687683597.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954670837.00007FFE126F4000.00000002.00000001.01000000.00000005.sdmp, UpdaterTool.exe, 00000005.00000003.1763260702.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953613558.00007FFE101E4000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb!! source: UpdaterTool.exe, 00000001.00000002.2952420191.00007FFE0E143000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: UpdaterTool.exe, 00000001.00000002.2949319095.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000006.00000002.2947899878.00007FFDF9D2A000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb source: UpdaterTool.exe, 00000001.00000002.2952420191.00007FFE0E143000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: UpdaterTool.exe, 00000000.00000003.1687845661.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953766612.00007FFE117E5000.00000002.00000001.01000000.00000016.sdmp, UpdaterTool.exe, 00000005.00000003.1763444136.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952491969.00007FFE02A15000.00000002.00000001.01000000.00000030.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: UpdaterTool.exe, 00000000.00000003.1698192669.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2955038395.00007FFE13303000.00000002.00000001.01000000.0000000C.sdmp, UpdaterTool.exe, 00000005.00000003.1775432167.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: UpdaterTool.exe, 00000001.00000002.2954317646.00007FFE11ED3000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: UpdaterTool.exe, 00000001.00000002.2952622584.00007FFE0E171000.00000002.00000001.01000000.00000018.sdmp, UpdaterTool.exe, 00000006.00000002.2951237378.00007FFDFF6B1000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: UpdaterTool.exe, 00000000.00000003.1688516119.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954912779.00007FFE130C6000.00000002.00000001.01000000.00000010.sdmp, UpdaterTool.exe, 00000005.00000003.1764236210.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953806905.00007FFE10236000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953528643.00007FFE1151B000.00000002.00000001.01000000.0000000A.sdmp, UpdaterTool.exe, 00000005.00000003.1764363951.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952086765.00007FFE0074B000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: UpdaterTool.exe, 00000000.00000003.1688733443.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954793185.00007FFE12E13000.00000002.00000001.01000000.00000011.sdmp, UpdaterTool.exe, 00000005.00000003.1764509163.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb source: UpdaterTool.exe, 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953528643.00007FFE1151B000.00000002.00000001.01000000.0000000A.sdmp, UpdaterTool.exe, 00000005.00000003.1764363951.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952086765.00007FFE0074B000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: UpdaterTool.exe, 00000000.00000003.1687943032.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954542077.00007FFE126CD000.00000002.00000001.01000000.00000009.sdmp, UpdaterTool.exe, 00000005.00000003.1763575144.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953408821.00007FFE0EB2D000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953956063.00007FFE11BB4000.00000002.00000001.01000000.00000015.sdmp, UpdaterTool.exe, 00000005.00000003.1764918641.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952681947.00007FFE08ED4000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: UpdaterTool.exe, 00000000.00000003.1688805279.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954147891.00007FFE11EA9000.00000002.00000001.01000000.0000000B.sdmp, UpdaterTool.exe, 00000005.00000003.1764608058.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952314784.00007FFE01219000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: cryptography_rust.pdb source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: UpdaterTool.exe, 00000000.00000003.1695056147.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2939927246.0000020DC6D70000.00000002.00000001.01000000.00000006.sdmp, UpdaterTool.exe, 00000005.00000003.1772919592.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939152139.00000222A2840000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: UpdaterTool.exe, 00000001.00000002.2950295771.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp, UpdaterTool.exe, 00000006.00000002.2948861525.00007FFDFA1F8000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: UpdaterTool.exe, 00000000.00000003.1687845661.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953766612.00007FFE117E5000.00000002.00000001.01000000.00000016.sdmp, UpdaterTool.exe, 00000005.00000003.1763444136.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952491969.00007FFE02A15000.00000002.00000001.01000000.00000030.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: UpdaterTool.exe, 00000001.00000002.2948418571.00007FFDFAD05000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: UpdaterTool.exe, 00000001.00000002.2953053216.00007FFE1024E000.00000002.00000001.01000000.0000000D.sdmp
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E5789280 FindFirstFileExW,FindClose,0_2_00007FF6E5789280
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57A1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6E57A1874
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6E57883C0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E5789280 FindFirstFileExW,FindClose,1_2_00007FF6E5789280
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E57A1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6E57A1874
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E57883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6E57883C0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF1553D0 PyArg_ParseTuple,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,6_2_00007FFDFF1553D0

Networking

Source: unknown DNS query: name: api.telegram.org
Source: global traffic TCP traffic: 192.168.2.4:55575 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 185.199.111.153 185.199.111.153
Source: Joe Sandbox View IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View ASN Name: NTT-LT-ASLT NTT-LT-ASLT
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: alert-metamask.info
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /assets/icon.svg HTTP/1.1
    Host: metamask.io
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://alert-metamask.info/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /assets/icon.svg HTTP/1.1
    Host: metamask.io
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: alert-metamask.info
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: global traffic DNS traffic detected: DNS query: alert-metamask.info
Source: global traffic DNS traffic detected: DNS query: metamask.io
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: UpdaterTool.exe, 00000001.00000002.2944280136.0000020DC7E90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: UpdaterTool.exe, 00000001.00000002.2941547478.0000020DC7590000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info/
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info//-
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info//c=I
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info/583
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info/Qx
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info/S-e
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info/SJ
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83BE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://alert-metamask.info/w/
Source: UpdaterTool.exe, 00000000.00000003.1688910759.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1764762314.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1775596108.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digi
Source: UpdaterTool.exe, 00000000.00000003.1688516119.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1695056147.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698192669.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1693125430.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688354629.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1693125430.000002322272F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688910759.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688733443.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1687943032.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688805279.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688215399.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1694657352.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1694448218.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1695661566.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1763575144.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 
00000005.00000003.1775432167.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1772487132.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1764236210.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: UpdaterTool.exe, 00000000.00000003.1688516119.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1695056147.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698192669.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688354629.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1693125430.000002322272F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688910759.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688733443.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1687943032.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1693125430.000002322272A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688805279.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688215399.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1694657352.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1694448218.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1695661566.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1763575144.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 
00000005.00000003.1775432167.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1772487132.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1764236210.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: UpdaterTool.exe, 00000000.00000003.1688516119.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1695056147.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698192669.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1693125430.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688354629.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688910759.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688733443.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1687943032.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688805279.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1688215399.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1694657352.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1694448218.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1695661566.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1763575144.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1775432167.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 
Source: UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943452738.00000222A55A1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC73FD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1785862423.00000222A4D67000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A505E000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A50B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: UpdaterTool.exe, 00000001.00000003.1712670373.0000020DC7522000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712398878.0000020DC7A64000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711949654.0000020DC7A39000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787217256.00000222A506B000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787327944.00000222A4F64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712670373.0000020DC7522000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC789C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786586199.00000222A4E19000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1790132663.00000222A4E21000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E1A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788159871.00000222A489D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
Source: UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
Source: UpdaterTool.exe, 00000001.00000002.2946195728.0000020DC8C14000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2946195728.0000020DC8BD8000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2945077322.00000222A6014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot8189223637:AAFivU8R-ibjnOIJ-jbNzhmXtzM-HgY1524/sendMessage
Source: UpdaterTool.exe, 00000001.00000002.2946195728.0000020DC8C14000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot8189223637:AAFivU8R-ibjnOIJ-jbNzhmXtzM-HgY1524/sendMessage0
Source: UpdaterTool.exeString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: UpdaterTool.exe, 00000001.00000002.2943807264.0000020DC7C90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2942707407.00000222A50F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
Source: UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
Source: UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712670373.0000020DC7522000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC74CD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784298765.00000222A497B000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786187452.00000222A48F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: UpdaterTool.exe, 00000001.00000002.2940973947.0000020DC7290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6ED4000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A4334000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6ED4000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A4334000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: UpdaterTool.exe, 00000001.00000002.2939393895.0000020DC5477000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939235749.00000222A28F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
Source: UpdaterTool.exe, 00000001.00000003.1714079036.0000020DC795F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC791D000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4E79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: UpdaterTool.exe, 00000001.00000002.2940664459.0000020DC705C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939235749.00000222A28F6000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1779370742.00000222A44E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: UpdaterTool.exe, 00000001.00000002.2945655139.0000020DC8890000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: UpdaterTool.exe, UpdaterTool.exe, 00000006.00000002.2951315641.00007FFDFF6C2000.00000002.00000001.01000000.00000032.sdmp, UpdaterTool.exe, 00000006.00000002.2951114413.00007FFDFF171000.00000002.00000001.01000000.00000034.sdmpString found in binary or memory: https://github.com/mhammond/pywin32
Source: UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: UpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6ED4000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A4334000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: UpdaterTool.exe, 00000006.00000003.1779370742.00000222A44E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: UpdaterTool.exe, 00000001.00000002.2940664459.0000020DC705C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939235749.00000222A28F6000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1779370742.00000222A44E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: UpdaterTool.exe, 00000001.00000003.1710393826.0000020DC7916000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC786B000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2940664459.0000020DC705C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710206198.0000020DC7916000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1785765333.00000222A4E9F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788159871.00000222A489D000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788795117.00000222A4E9F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E9F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1785862423.00000222A4DFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: UpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: UpdaterTool.exe, 00000001.00000002.2940664459.0000020DC705C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939235749.00000222A28F6000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1779370742.00000222A44E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC782A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC782A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC782A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC786B000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A49E3000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787282619.00000222A49E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: UpdaterTool.exe, 00000006.00000002.2942707407.00000222A50F0000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC789C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786586199.00000222A4E19000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1790132663.00000222A4E21000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1707894054.0000020DC74D9000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC74CD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC7474000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708607542.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786187452.00000222A48F1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A4900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1790265075.00000222A5017000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787327944.00000222A501B000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788795117.00000222A4E9F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: UpdaterTool.exe, 00000001.00000003.1713551694.0000020DC77A2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC7799000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4E79000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1789451791.00000222A4F9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: UpdaterTool.exe, 00000001.00000003.1700855729.0000020DC7051000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941547478.0000020DC7590000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1777328782.00000222A44B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: UpdaterTool.exe, 00000001.00000002.2950295771.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp, UpdaterTool.exe, 00000006.00000002.2948861525.00007FFDFA1F8000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: UpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: UpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-errorr
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
Source: UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1707894054.0000020DC74D9000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC74CD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC7474000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708607542.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786187452.00000222A48F1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A4900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: UpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.ioxe
Source: UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7A9C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2945655139.0000020DC8890000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786187452.00000222A48F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC73FD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC740C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784298765.00000222A4897000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788159871.00000222A489D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC789C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786586199.00000222A4E19000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1790132663.00000222A4E21000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: UpdaterTool.exe, 00000001.00000002.2941750370.0000020DC7690000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: UpdaterTool.exe, 00000001.00000002.2941750370.0000020DC7690000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyr
Source: UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: UpdaterTool.exe, 00000001.00000002.2941750370.0000020DC7690000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings0
Source: UpdaterTool.exe, 00000001.00000002.2941750370.0000020DC7690000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsThe
Source: UpdaterTool.exe, 00000001.00000002.2943807264.0000020DC7C90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2942707407.00000222A50F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html
Source: UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC780E000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC780E000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC780E000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786438941.00000222A49AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: UpdaterTool.exe, 00000000.00000003.1690535566.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1768158073.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: UpdaterTool.exe, 00000000.00000003.1690535566.0000023222730000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1690597581.0000023222731000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000000.00000003.1690535566.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1768357903.0000013B22C3D000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1768158073.0000013B22C3D000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1768158073.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: UpdaterTool.exe, 00000001.00000002.2946195728.0000020DC8C24000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: UpdaterTool.exe, 00000001.00000002.2946195728.0000020DC8C24000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: UpdaterTool.exe, 00000001.00000002.2946195728.0000020DC8C24000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/sierra0
Source: UpdaterTool.exe, 00000000.00000003.1694657352.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2949795213.00007FFDFB244000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000001.00000002.2948488076.00007FFDFAD40000.00000002.00000001.01000000.0000000E.sdmp, UpdaterTool.exe, 00000005.00000003.1772487132.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2950833491.00007FFDFBAC0000.00000002.00000001.01000000.00000028.sdmp String found in binary or memory: https://www.openssl.org/H
Source: UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1707894054.0000020DC74D9000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC74CD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC7474000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708607542.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786187452.00000222A48F1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A4900000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: UpdaterTool.exe, 00000001.00000003.1713551694.0000020DC77A2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC7799000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4E79000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1789451791.00000222A4F9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
Source: UpdaterTool.exe, 00000001.00000002.2950295771.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp, UpdaterTool.exe, 00000006.00000002.2948861525.00007FFDFA1F8000.00000002.00000001.01000000.0000001E.sdmp String found in binary or memory: https://www.python.org/psf/license/)
Source: UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7583000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943452738.00000222A55A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/d
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55657 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55657
Source: unknown Network traffic detected: HTTP traffic on port 55658 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55632 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55658
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55685
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55632
Source: unknown Network traffic detected: HTTP traffic on port 55670 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55677
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55670
Source: unknown Network traffic detected: HTTP traffic on port 55677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF154F70 PyArg_ParseTuple,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF155980 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.5.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.5.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: UpdaterTool.exe, 00000000.00000003.1698853743.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688516119.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1699093300.000002322272F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1695056147.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1699093300.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1697906207.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1698192669.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688354629.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1698994694.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1687372431.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688910759.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688733443.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1687845661.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1687943032.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1687683597.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688805279.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1696865157.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepythoncom313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1688215399.0000023222721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1694657352.0000023222722000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000000.00000003.1698853743.0000023222730000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe Binary or memory string: OriginalFilename vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2939927246.0000020DC6D70000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2953648591.00007FFE11523000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2955086595.00007FFE13306000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954839380.00007FFE12E16000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954963485.00007FFE130CD000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2952698909.00007FFE0E182000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilenamepywintypes313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenamepythoncom313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2953218125.00007FFE1026A000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954367124.00007FFE11EDE000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2949795213.00007FFDFB244000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2948488076.00007FFDFAD40000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamelibsslH vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954720869.00007FFE126FA000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2953844653.00007FFE117E9000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2952490537.00007FFE0E151000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2952106043.00007FFE0137C000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954593249.00007FFE126D2000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954224420.00007FFE11EB3000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2954032733.00007FFE11BB8000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000001.00000002.2951721234.00007FFDFB8A0000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython313.dll. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1763444136.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1763575144.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1776131249.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1775432167.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1772487132.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1775851430.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764236210.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1775275775.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1762872391.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764762314.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764060013.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764918641.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1775851430.0000013B22C3D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1763260702.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1774949359.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1775596108.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1772919592.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764363951.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1775978328.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764509163.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1776131249.0000013B22C3C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1763891344.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000005.00000003.1764608058.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exeBinary or memory string: OriginalFilename vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2952379972.00007FFE01223000.00000002.00000001.01000000.00000025.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2939152139.00000222A2840000.00000002.00000001.01000000.00000020.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2953884551.00007FFE1023D000.00000002.00000001.01000000.0000002A.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2953291658.00007FFE0EA76000.00000002.00000001.01000000.0000002B.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2953487775.00007FFE0EB32000.00000002.00000001.01000000.00000023.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2953115710.00007FFE0C0BE000.00000002.00000001.01000000.00000021.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2950833491.00007FFDFBAC0000.00000002.00000001.01000000.00000028.sdmpBinary or memory string: OriginalFilenamelibsslH vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2951315641.00007FFDFF6C2000.00000002.00000001.01000000.00000032.sdmpBinary or memory string: OriginalFilenamepywintypes313.dll0 vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2950543374.00007FFDFB9FC000.00000002.00000001.01000000.0000002E.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2954071172.00007FFE11076000.00000002.00000001.01000000.00000026.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2952203203.00007FFE00753000.00000002.00000001.01000000.00000024.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2953686422.00007FFE101EA000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2951979065.00007FFE0048A000.00000002.00000001.01000000.00000027.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs UpdaterTool.exe
Source: UpdaterTool.exe, 00000006.00000002.2951114413.00007FFDFF171000.00000002.00000001.01000000.00000034.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs UpdaterTool.exe
Source: classification engine | Classification label: mal80.troj.evad.winEXE@31/89@11/9
Source: C:\Users\user\Desktop\UpdaterTool.exe | Code function: 6_2_00007FFDFF154C00 _Py_NoneStruct,PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,GetDiskFreeSpaceW,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,Py_BuildValue,6_2_00007FFDFF154C00
Source: C:\Users\user\Desktop\UpdaterTool.exe | Code function: 1_2_00007FFDFABD1330 PyArg_ParseTuple,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,PyObject_IsInstance,PyErr_Occurred,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_GetAttrString,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,_Py_Dealloc,PyEval_SaveThread,CoCreateInstance,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,1_2_00007FFDFABD1330
Source: C:\Users\user\Desktop\UpdaterTool.exe | Code function: 6_2_00007FFDFF15CBB0 PyArg_ParseTuple,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,FindResourceExW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,SizeofResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LoadResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LockResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,6_2_00007FFDFF15CBB0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7672:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7516:120:WilError_03
Source: C:\Users\user\Desktop\UpdaterTool.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI74322
Source: UpdaterTool.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\UpdaterTool.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\UpdaterTool.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UpdaterTool.exe | ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\UpdaterTool.exe | File read: C:\Users\user\Desktop\UpdaterTool.exe
Source: unknown | Process created: C:\Users\user\Desktop\UpdaterTool.exe "C:\Users\user\Desktop\UpdaterTool.exe"
Source: C:\Users\user\Desktop\UpdaterTool.exe | Process created: C:\Users\user\Desktop\UpdaterTool.exe "C:\Users\user\Desktop\UpdaterTool.exe"
Source: C:\Users\user\Desktop\UpdaterTool.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
Source: unknown | Process created: C:\Users\user\Desktop\UpdaterTool.exe C:\Users\user\Desktop\UpdaterTool.exe
Source: C:\Users\user\Desktop\UpdaterTool.exe | Process created: C:\Users\user\Desktop\UpdaterTool.exe C:\Users\user\Desktop\UpdaterTool.exe
Source: C:\Users\user\Desktop\UpdaterTool.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
Source: C:\Users\user\Desktop\UpdaterTool.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://alert-metamask.info/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,3885513550755460943,12905883307123306454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: pdh.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: mlang.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\UpdaterTool.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations
Source: UpdaterTool.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: UpdaterTool.exe | Static file information: File size 16001583 > 1048576
Source: UpdaterTool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: UpdaterTool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: UpdaterTool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: UpdaterTool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: UpdaterTool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: UpdaterTool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: UpdaterTool.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: UpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2951840830.00007FFE01377000.00000002.00000001.01000000.00000014.sdmp, UpdaterTool.exe, 00000005.00000003.1775596108.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2950278609.00007FFDFB9F7000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: UpdaterTool.exe, 00000001.00000002.2949319095.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000006.00000002.2947899878.00007FFDF9D2A000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\_win32sysloader.pdb source: UpdaterTool.exe, 00000000.00000003.1698853743.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1775851430.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cryptography_rust.pdbc source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: UpdaterTool.exe, 00000001.00000002.2948418571.00007FFDFAD05000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: UpdaterTool.exe, 00000001.00000002.2952622584.00007FFE0E171000.00000002.00000001.01000000.00000018.sdmp, UpdaterTool.exe, 00000006.00000002.2951237378.00007FFDFF6B1000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953956063.00007FFE11BB4000.00000002.00000001.01000000.00000015.sdmp, UpdaterTool.exe, 00000005.00000003.1764918641.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952681947.00007FFE08ED4000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb}},GCTL source: UpdaterTool.exe, 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32trace.pdb source: UpdaterTool.exe, 00000000.00000003.1699093300.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1776131249.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\engine\tb_digest.cENGINE_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: UpdaterTool.exe, 00000000.00000003.1687683597.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954670837.00007FFE126F4000.00000002.00000001.01000000.00000005.sdmp, UpdaterTool.exe, 00000005.00000003.1763260702.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953613558.00007FFE101E4000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: UpdaterTool.exe, 00000001.00000002.2949319095.00007FFDFB102000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000006.00000002.2947899878.00007FFDF9C92000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: UpdaterTool.exe, 00000000.00000003.1687683597.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954670837.00007FFE126F4000.00000002.00000001.01000000.00000005.sdmp, UpdaterTool.exe, 00000005.00000003.1763260702.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953613558.00007FFE101E4000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb!! source: UpdaterTool.exe, 00000001.00000002.2952420191.00007FFE0E143000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: UpdaterTool.exe, 00000001.00000002.2949319095.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp, UpdaterTool.exe, 00000006.00000002.2947899878.00007FFDF9D2A000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb source: UpdaterTool.exe, 00000001.00000002.2952420191.00007FFE0E143000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: UpdaterTool.exe, 00000000.00000003.1687845661.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953766612.00007FFE117E5000.00000002.00000001.01000000.00000016.sdmp, UpdaterTool.exe, 00000005.00000003.1763444136.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952491969.00007FFE02A15000.00000002.00000001.01000000.00000030.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: UpdaterTool.exe, 00000000.00000003.1698192669.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2955038395.00007FFE13303000.00000002.00000001.01000000.0000000C.sdmp, UpdaterTool.exe, 00000005.00000003.1775432167.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: UpdaterTool.exe, 00000001.00000002.2954317646.00007FFE11ED3000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: UpdaterTool.exe, 00000001.00000002.2952622584.00007FFE0E171000.00000002.00000001.01000000.00000018.sdmp, UpdaterTool.exe, 00000006.00000002.2951237378.00007FFDFF6B1000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: UpdaterTool.exe, 00000000.00000003.1688516119.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954912779.00007FFE130C6000.00000002.00000001.01000000.00000010.sdmp, UpdaterTool.exe, 00000005.00000003.1764236210.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953806905.00007FFE10236000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953528643.00007FFE1151B000.00000002.00000001.01000000.0000000A.sdmp, UpdaterTool.exe, 00000005.00000003.1764363951.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952086765.00007FFE0074B000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: UpdaterTool.exe, 00000000.00000003.1688733443.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954793185.00007FFE12E13000.00000002.00000001.01000000.00000011.sdmp, UpdaterTool.exe, 00000005.00000003.1764509163.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb source: UpdaterTool.exe, 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: UpdaterTool.exe, 00000000.00000003.1688628356.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953528643.00007FFE1151B000.00000002.00000001.01000000.0000000A.sdmp, UpdaterTool.exe, 00000005.00000003.1764363951.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952086765.00007FFE0074B000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: UpdaterTool.exe, 00000000.00000003.1687943032.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954542077.00007FFE126CD000.00000002.00000001.01000000.00000009.sdmp, UpdaterTool.exe, 00000005.00000003.1763575144.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2953408821.00007FFE0EB2D000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: UpdaterTool.exe, 00000000.00000003.1689027621.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953956063.00007FFE11BB4000.00000002.00000001.01000000.00000015.sdmp, UpdaterTool.exe, 00000005.00000003.1764918641.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952681947.00007FFE08ED4000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: UpdaterTool.exe, 00000000.00000003.1688805279.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2954147891.00007FFE11EA9000.00000002.00000001.01000000.0000000B.sdmp, UpdaterTool.exe, 00000005.00000003.1764608058.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952314784.00007FFE01219000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: cryptography_rust.pdb source: UpdaterTool.exe, 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: UpdaterTool.exe, 00000000.00000003.1695056147.0000023222722000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2939927246.0000020DC6D70000.00000002.00000001.01000000.00000006.sdmp, UpdaterTool.exe, 00000005.00000003.1772919592.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939152139.00000222A2840000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: UpdaterTool.exe, 00000001.00000002.2950295771.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp, UpdaterTool.exe, 00000006.00000002.2948861525.00007FFDFA1F8000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: UpdaterTool.exe, 00000000.00000003.1687845661.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2953766612.00007FFE117E5000.00000002.00000001.01000000.00000016.sdmp, UpdaterTool.exe, 00000005.00000003.1763444136.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2952491969.00007FFE02A15000.00000002.00000001.01000000.00000030.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: UpdaterTool.exe, 00000001.00000002.2948418571.00007FFDFAD05000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: UpdaterTool.exe, 00000001.00000002.2953053216.00007FFE1024E000.00000002.00000001.01000000.0000000D.sdmp
Source: UpdaterTool.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: UpdaterTool.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: UpdaterTool.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: UpdaterTool.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: UpdaterTool.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.dr Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 1_2_00007FFDFABD7B40 PyArg_ParseTuple,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,LoadLibraryW,GetProcAddress,PyExc_NotImplementedError,PyErr_Format,PyEval_SaveThread,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,1_2_00007FFDFABD7B40
Source: mfc140u.dll.0.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
Source: python313.dll.0.dr Static PE information: section name: PyRuntim
Source: mfc140u.dll.5.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.5.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.5.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.5.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.5.dr Static PE information: section name: .00cfg
Source: python313.dll.5.dr Static PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFACA4331 push rcx; ret 1_2_00007FFDFACA4332
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_cffi_backend.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32\pywintypes313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\select.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32\pythoncom313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_cffi_backend.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32\pythoncom313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32\pywintypes313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\select.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76042\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file

Boot Survival

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
Source: C:\Users\user\Desktop\UpdaterTool.exeCode function: 0_2_00007FF6E57876C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6E57876C0
Source: C:\Users\user\Desktop\UpdaterTool.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_cffi_backend.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32\pywintypes313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\select.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32\pythoncom313.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_cffi_backend.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\python3.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_wmi.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32\pythoncom313.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32trace.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\unicodedata.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_queue.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32\pywintypes313.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_ctypes.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\select.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_socket.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_lzma.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_decimal.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_ssl.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_queue.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_bz2.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\_socket.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76042\_lzma.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
Source: C:\Users\user\Desktop\UpdaterTool.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18192
Source: C:\Users\user\Desktop\UpdaterTool.exe API coverage: 0.9 %
Source: C:\Users\user\Desktop\UpdaterTool.exe API coverage: 1.0 %
Source: C:\Users\user\Desktop\UpdaterTool.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E5789280 FindFirstFileExW,FindClose,0_2_00007FF6E5789280
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57A1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6E57A1874
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6E57883C0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E5789280 FindFirstFileExW,FindClose,1_2_00007FF6E5789280
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E57A1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6E57A1874
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E57883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6E57883C0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF1553D0 PyArg_ParseTuple,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,6_2_00007FFDFF1553D0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFB91BEB0 _Py_NoneStruct,PyArg_ParseTuple,GetSystemInfo,VirtualAlloc,_Py_Dealloc,PyExc_MemoryError,PyErr_SetString,_PyObject_GC_New,PyExc_NotImplementedError,PyErr_Format,Py_FatalError,PyObject_GC_Track,PyExc_SystemError,PyErr_SetString,_Py_Dealloc,_Py_Dealloc,6_2_00007FFDFB91BEB0
Source: UpdaterTool.exe, 00000000.00000003.1689528256.0000023222721000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1766876019.0000013B22C31000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: UpdaterTool.exe, 00000001.00000002.2944856650.0000020DC817A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: UpdaterTool.exe, 00000001.00000002.2944856650.0000020DC81A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\/LK
Source: UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786438941.00000222A49AB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:Gs
Source: UpdaterTool.exe, 00000001.00000003.1712670373.0000020DC7522000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC753F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC73FD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC753F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: UpdaterTool.exe, 00000001.00000002.2945655139.0000020DC8890000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ro.kernel.qemu
Source: UpdaterTool.exe, 00000001.00000002.2944856650.0000020DC81A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ro.kernel.qemur
Source: UpdaterTool.exe, 00000001.00000002.2941547478.0000020DC7590000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: hGfSingle
Source: UpdaterTool.exe, 00000001.00000002.2945655139.0000020DC8890000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dro.kernel.qemu
Source: UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8129000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\I\
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E579A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E579A614
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFABD7B40 PyArg_ParseTuple,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,LoadLibraryW,GetProcAddress,PyExc_NotImplementedError,PyErr_Format,PyEval_SaveThread,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,1_2_00007FFDFABD7B40
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57A3480 GetProcessHeap,0_2_00007FF6E57A3480
Source: C:\Users\user\Desktop\UpdaterTool.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E579A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E579A614
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E578D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6E578D12C
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E578C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6E578C8A0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E578D30C SetUnhandledExceptionFilter,0_2_00007FF6E578D30C
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E579A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6E579A614
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E578D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6E578D12C
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E578C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6E578C8A0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FF6E578D30C SetUnhandledExceptionFilter,1_2_00007FF6E578D30C
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFAC1B3F4 SetUnhandledExceptionFilter,1_2_00007FFDFAC1B3F4
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFAC1B20C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAC1B20C
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFAC1A874 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFAC1A874
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFAC8212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAC8212B
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDF987B20C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFDF987B20C
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDF987B3F4 SetUnhandledExceptionFilter,6_2_00007FFDF987B3F4
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDF987A874 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFDF987A874
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFB92A450 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFDFB92A450
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFB92AD98 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFDFB92AD98
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFB953248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFDFB953248
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFB952C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFDFB952C90
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF161A98 SetUnhandledExceptionFilter,6_2_00007FFDFF161A98
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF160CAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFDFF160CAC
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF1618B0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFDFF1618B0
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF15DC70 PyArg_ParseTuple,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,6_2_00007FFDFF15DC70
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF15DD10 PyArg_ParseTuple,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,6_2_00007FFDFF15DD10
Source: C:\Users\user\Desktop\UpdaterTool.exe Process created: C:\Users\user\Desktop\UpdaterTool.exe "C:\Users\user\Desktop\UpdaterTool.exe"
Source: C:\Users\user\Desktop\UpdaterTool.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://alert-metamask.info/
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
Source: C:\Users\user\Desktop\UpdaterTool.exe Process created: C:\Users\user\Desktop\UpdaterTool.exe C:\Users\user\Desktop\UpdaterTool.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57A9570 cpuid 0_2_00007FF6E57A9570
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\certifi VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography-43.0.3.dist-info VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography-43.0.3.dist-info\license_files VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md.cp313-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\Desktop\UpdaterTool.exe VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.13\__init__.py VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.13\dicts.dat VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography\hazmat VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography\hazmat\bindings VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography\hazmat\bindings\_rust.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74322\_cffi_backend.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\cryptography-43.0.3.dist-info VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\cryptography-43.0.3.dist-info\license_files VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\win32 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042 VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76042\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E578D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6E578D010
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF154200 PyArg_ParseTuple,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,6_2_00007FFDFF154200
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 0_2_00007FF6E57A5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6E57A5C00
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDFF157850 PyArg_ParseTuple,GetVersion,Py_BuildValue,6_2_00007FFDFF157850
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFABD3430 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,Py_BuildValue,1_2_00007FFDFABD3430
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 1_2_00007FFDFABD4620 PyArg_ParseTuple,PyEval_SaveThread,CreateBindCtx,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,1_2_00007FFDFABD4620
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDF9833430 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,Py_BuildValue,6_2_00007FFDF9833430
Source: C:\Users\user\Desktop\UpdaterTool.exe Code function: 6_2_00007FFDF9834620 PyArg_ParseTuple,PyEval_SaveThread,CreateBindCtx,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,6_2_00007FFDF9834620
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Browser Extensions | 11 Process Injection | 1 Virtualization/Sandbox Evasion | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 27 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Figure: Behavior graph. Behavior Graph ID: 1584834, Sample: UpdaterTool.exe, Startdate: 06/01/2025, Architecture: WINDOWS, Score: 80]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| UpdaterTool.exe | 16% | ReversingLabs | Win64.Trojan.Generic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\mfc140u.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\win32ui.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_cffi_backend.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\_wmi.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\charset_normalizer\md__mypyc.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\libffi-8.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\psutil\_psutil_windows.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\python313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32\pythoncom313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\pywin32_system32\pywintypes313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\win32\_win32sysloader.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32api.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI74322\win32\win32trace.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin\mfc140u.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\Pythonwin\win32ui.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_cffi_backend.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\_wmi.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\charset_normalizer\md.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\charset_normalizer\md__mypyc.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\libffi-8.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\psutil\_psutil_windows.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\python313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32\pythoncom313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\pywin32_system32\pywintypes313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI76042\win32\_win32sysloader.pyd | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyr | 0% | Avira URL Cloud | safe | |
| http://alert-metamask.info/ | 100% | Avira URL Cloud | malware | |
| http://alert-metamask.info/583 | 100% | Avira URL Cloud | malware | |
| https://wwww.certigna.fr/autorites/d | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html | 0% | Avira URL Cloud | safe | |
| https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsThe | 0% | Avira URL Cloud | safe | |
| http://repository.swisssign.com/z | 0% | Avira URL Cloud | safe | |
| http://alert-metamask.info//- | 100% | Avira URL Cloud | malware | |
| http://cacerts.digix | 0% | Avira URL Cloud | safe | |
| http://alert-metamask.info//c=I | 100% | Avira URL Cloud | malware | |
| http://alert-metamask.info/w/ | 100% | Avira URL Cloud | malware | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| metamask.io | 185.199.108.153 | true | false | | high |
| alert-metamask.info | 84.32.84.152 | true | true | | unknown |
| www.google.com | 172.217.16.196 | true | false | | high |
| api.telegram.org | 149.154.167.220 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://alert-metamask.info/ | false | | unknown |
| http://alert-metamask.info/ | false | Avira URL Cloud: malware | unknown |
| https://metamask.io/assets/icon.svg | false | | high |

                                                                                                    high
                                                                                                    https://wwww.certigna.fr/autorites/dUpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://github.com/python/importlib_metadata/wiki/Development-MethodologyUpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7583000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.accv.es/legislacion_c.htmUpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tools.ietf.org/html/rfc6125#section-6.4.3UpdaterTool.exe, 00000001.00000002.2941750370.0000020DC7690000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://cryptography.io/en/latest/security/UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://cffi.readthedocs.io/en/latest/using.html#callbacksUpdaterTool.exefalse
                                                                                                                high
                                                                                                                http://crl.xrampsecurity.com/XGCA.crl0UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://alert-metamask.info/583UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC8375000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: malware
                                                                                                                  unknown
                                                                                                                  http://www.cert.fnmt.es/dpcs/UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.accv.es00UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7583000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.python.org/psf/license/)UpdaterTool.exe, 00000001.00000002.2950295771.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp, UpdaterTool.exe, 00000006.00000002.2948861525.00007FFDFA1F8000.00000002.00000001.01000000.0000001E.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyUpdaterTool.exe, 00000006.00000003.1779370742.00000222A44E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/pyca/cryptography/issuesUpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl~UpdaterTool.exe, 00000006.00000002.2941724108.00000222A50B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://readthedocs.org/projects/cryptography/badge/?version=latestUpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC782A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC78A4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC782A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC782A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC786B000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A49E3000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787282619.00000222A49E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://google.com/UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E1A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788159871.00000222A489D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://mahler:8092/site-updates.pyUpdaterTool.exe, 00000001.00000003.1713551694.0000020DC77A2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC7799000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4E79000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1789451791.00000222A4F9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://urllib3.readthedocs.io/en/stable/v2-migration-guide.htmlUpdaterTool.exe, 00000001.00000002.2943807264.0000020DC7C90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2942707407.00000222A50F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      http://crl.securetrust.com/SGCA.crlUpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A50B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://.../back.jpegUpdaterTool.exe, 00000001.00000002.2944280136.0000020DC7E90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://tools.ietf.org/html/rfc7231#section-4.3.6)UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC73FD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714881533.0000020DC73F4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC740C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784298765.00000222A4897000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788159871.00000222A489D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/pyca/cryptographyUpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://cryptography.io/UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyUpdaterTool.exe, 00000001.00000002.2941750370.0000020DC7690000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941277308.00000222A4AF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://httpbin.org/postUpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1707894054.0000020DC74D9000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1709162511.0000020DC74CD000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708023539.0000020DC7474000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1708607542.0000020DC74D0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1788526301.00000222A48E4000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786187452.00000222A48F1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1784855892.00000222A4900000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-errorUpdaterTool.exe, 00000001.00000002.2944468574.0000020DC7F90000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943221448.00000222A53F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourceUpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6ED4000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A4334000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/pyca/cryptography/UpdaterTool.exe, 00000000.00000003.1689950392.0000023222724000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000005.00000003.1767773646.0000013B22C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://github.com/Ousret/charset_normalizerUpdaterTool.exe, 00000001.00000003.1714079036.0000020DC795F000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC791D000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4E79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/urllib3/urllib3/issues/497UpdaterTool.exe, 00000006.00000002.2942707407.00000222A50F0000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.firmaprofesional.com/cps0UpdaterTool.exe, 00000001.00000002.2944680554.0000020DC8090000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2943452738.00000222A55A1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://cacerts.digixUpdaterTool.exe, 00000000.00000003.1698330367.0000023222722000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specUpdaterTool.exe, 00000001.00000002.2940116136.0000020DC6E50000.00000004.00001000.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939755632.00000222A42B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://alert-metamask.info//c=IUpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                              unknown
                                                                                                                                                              http://crl.securetrust.com/SGCA.crl0UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_dataUpdaterTool.exe, 00000001.00000002.2939393895.0000020DC5477000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2939235749.00000222A28F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crl.securetrust.com/STCA.crl0UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A48D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://yahoo.com/UpdaterTool.exe, 00000001.00000003.1710963005.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712670373.0000020DC7522000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714906217.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2941160126.0000020DC7390000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1714594509.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710329227.0000020DC789C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710428295.0000020DC74A5000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1712021841.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1713285468.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1711501018.0000020DC743C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000002.2942191419.0000020DC7790000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000001.00000003.1710255818.0000020DC788C000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2941724108.00000222A4DA1000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1786586199.00000222A4E19000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1790132663.00000222A4E21000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000002.2940719325.00000222A47F0000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 00000006.00000003.1787859354.00000222A4E1A000.00000004.00000020.00020000.00000000.sdmp, UpdaterTool.exe, 
00000006.00000003.1788159871.00000222A489D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
URL: http://alert-metamask.info/w/
Source: UpdaterTool.exe, 00000001.00000002.2945396557.0000020DC83BE000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus detection: Avira URL Cloud: malware
Reputation: unknown
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 185.199.111.153 | unknown | Netherlands | 54113 | FASTLYUS | false |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
| 92.113.16.253 | unknown | Ukraine | 6849 | UKRTELNETUA | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 84.32.84.152 | alert-metamask.info | Lithuania | 33922 | NTT-LT-ASLT | true |
| 185.199.108.153 | metamask.io | Netherlands | 54113 | FASTLYUS | false |
| 172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
                                                                                                                                                                                        IP
                                                                                                                                                                                        192.168.2.4
                                                                                                                                                                                        192.168.2.24
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584834
Start date and time: 2025-01-06 15:59:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: UpdaterTool.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@31/89@11/9
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 142.250.185.195, 142.250.185.206, 74.125.206.84, 142.250.185.110, 142.250.185.78, 172.217.16.202, 142.250.186.35, 142.250.185.174, 142.250.186.174, 142.250.184.206, 142.250.184.238, 142.250.186.78, 142.250.186.131, 142.250.181.238, 52.149.20.212, 13.107.246.45, 23.56.254.164
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
| Time | Type | Description |
|---|---|---|
| 15:00:07 | Task Scheduler | Run new task: SystemUpdateTask path: C:\Users\user\Desktop\UpdaterTool.exe |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                http://acticityaccountactuallypages.github.io/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • acticityaccountactuallypages.github.io/
                                                                                                                                                                                                                                http://i-am-sherlocked21.github.io/netflixGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                • i-am-sherlocked21.github.io/netflix
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                • 37.53.5.183
                                                                                                                                                                                                                                HmP9fn8NM9.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 92.113.16.201
                                                                                                                                                                                                                                No context
Match: C:\Users\user\AppData\Local\Temp\_MEI74322\Pythonwin\mfc140u.dll
Associated Sample Name / URL | Detection | Threat Name
main.exe | malicious | Python Stealer, Discord Token Stealer, PRYSMAX STEALER
main.exe | malicious | Unknown
user.exe | malicious | Unknown
DeltaX.exe | malicious | Unknown
zapret.exe | malicious | Unknown
winws1.exe | malicious | Unknown
zapret.exe | malicious | Unknown
zapret.exe | malicious | Unknown
discord.exe | malicious | Unknown
main.exe | malicious | Unknown
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5653536
                                                                                                                                                                                                                                                    Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                                    MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                                    SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                                    SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                                    SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: user.exe, Detection: malicious
• Filename: DeltaX.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: winws1.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: zapret.exe, Detection: malicious
• Filename: discord.exe, Detection: malicious
• Filename: main.exe, Detection: malicious
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1044992
                                                                                                                                                                                                                                                    Entropy (8bit):6.005174713821525
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:cVDH7h88c4vGmhhbrGRUDG+AYZ2OWTw/3EnrE:sDHdRcgFv8qWTwco
                                                                                                                                                                                                                                                    MD5:9AF5F53A9201B7E62AC91EDC8AB89C6A
                                                                                                                                                                                                                                                    SHA1:4DDFE7AF2248A76B5DB90AF0EAF4C80E2B4CD6DB
                                                                                                                                                                                                                                                    SHA-256:F84528FC136D8ABAE77543B8E9E8C9489C4495C491807907E675C15F028816F6
                                                                                                                                                                                                                                                    SHA-512:0581BA9951452BD7B2A193B8D73573B49CB8115468B6AF8B988628670A768A6882AC4C2C9FAA559F731ADD4378DCF606C3FFEEF96AD8A479B272E6C429DC1293
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):120400
                                                                                                                                                                                                                                                    Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                                    MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                                    SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                                    SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                                    SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):49744
                                                                                                                                                                                                                                                    Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                                    MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                                    SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                                    SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                                    SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):84240
                                                                                                                                                                                                                                                    Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                                    MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                                    SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                                    SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                                    SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179200
                                                                                                                                                                                                                                                    Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                                                    MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                                                    SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                                                    SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                                                    SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):131344
                                                                                                                                                                                                                                                    Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                                    MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                                    SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                                    SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                                    SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):277776
                                                                                                                                                                                                                                                    Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                                    MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                                    SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                                    SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                                    SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):64272
                                                                                                                                                                                                                                                    Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                                    MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                                    SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                                    SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                                    SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):157968
                                                                                                                                                                                                                                                    Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                                    MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                                    SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                                    SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                                    SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):33552
                                                                                                                                                                                                                                                    Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                                    MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                                    SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                                    SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                                    SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):83728
                                                                                                                                                                                                                                                    Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                                    MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                                    SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                                    SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                                    SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181520
                                                                                                                                                                                                                                                    Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                                    MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                                    SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                                    SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                                    SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):38160
                                                                                                                                                                                                                                                    Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                                    MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                                    SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                                    SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                                    SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1394456
                                                                                                                                                                                                                                                    Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                                    MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                                    SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                                    SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                                    SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):299427
                                                                                                                                                                                                                                                    Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                    MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                    SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                    SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                    SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10752
                                                                                                                                                                                                                                                    Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):124928
                                                                                                                                                                                                                                                    Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:pip.
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5440
                                                                                                                                                                                                                                                    Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15485
                                                                                                                                                                                                                                                    Entropy (8bit):5.562603127346912
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__p
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):94
                                                                                                                                                                                                                                                    Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):197
                                                                                                                                                                                                                                                    Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11360
                                                                                                                                                                                                                                                    Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1532
                                                                                                                                                                                                                                                    Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                    MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                    SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                    SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                    SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7834624
                                                                                                                                                                                                                                                    Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                                                                    MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                                                                    SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                                                                    SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                                                                    SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5232408
                                                                                                                                                                                                                                                    Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                                    MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                                    SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                                    SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                                    SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):39696
                                                                                                                                                                                                                                                    Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                    MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                    SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                    SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                    SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):792856
                                                                                                                                                                                                                                                    Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                                    MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                                    SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                                    SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                                    SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):67072
                                                                                                                                                                                                                                                    Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                                    MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                                    SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                                    SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                                    SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):70416
                                                                                                                                                                                                                                                    Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                                    MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                                    SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                                    SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                                    SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6083856
                                                                                                                                                                                                                                                    Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                                    MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                                    SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                                    SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                                    SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):678400
                                                                                                                                                                                                                                                    Entropy (8bit):6.050905552138285
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:r0G3L613PCcuXLq0Qroh0abOY6RWd0GrNmFKlOKdSAjUpdc6YcAQE7KytwhrPYL+:AGm16c0QroXbWnGVlOKQpdAUmN+
                                                                                                                                                                                                                                                    MD5:070B0C071A05B06223B927F1711E0B9C
                                                                                                                                                                                                                                                    SHA1:C482B1E1C1CDA3E0AEB84A0C3EF315C355BA003B
                                                                                                                                                                                                                                                    SHA-256:9D1097ABAD812B53A68C2BFCF9EFEF7559E39873950A000FAC9A7C7C5B199292
                                                                                                                                                                                                                                                    SHA-512:D05389A078C66426EA9CA3A8DF1721ABE246F59A3684DCFA9C5B031A93D96506A0D3BB8795330CFC0E81B23BBF7D91BBDE51EFFD152A234BA5ED63673F41086B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):135680
                                                                                                                                                                                                                                                    Entropy (8bit):6.0205382324631955
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
                                                                                                                                                                                                                                                    MD5:2A87D04E9E7CBFF67E8EA4F6315C0EBB
                                                                                                                                                                                                                                                    SHA1:CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
                                                                                                                                                                                                                                                    SHA-256:D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
                                                                                                                                                                                                                                                    SHA-512:2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):30992
                                                                                                                                                                                                                                                    Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                                    MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                                    SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                                    SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                                    SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):709904
                                                                                                                                                                                                                                                    Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                                    MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                                    SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                                    SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                                    SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14848
                                                                                                                                                                                                                                                    Entropy (8bit):5.116146861242879
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:ketklgde+ljBEs0I62SbPbVlQmUAaPHTPMRX7aMHvcqvn7yab6x/:/d1tT0h2SbAmFaPHTmphvH6x/
                                                                                                                                                                                                                                                    MD5:5521E251A515964D04BC90CE8A2AA24C
                                                                                                                                                                                                                                                    SHA1:F7B4AB985DC9A1C7EF2F716999D276D126515BEC
                                                                                                                                                                                                                                                    SHA-256:F382CFFA30F533484FA6314E90A1408F0826867D70B3320220FD86AAFAC37526
                                                                                                                                                                                                                                                    SHA-512:FFEB0185B6D74881B3DCA25BA1B11C33CBCF3B466F3F1B888D662611925399BA2C7D8F133673474F691C068E67811A3FAD0FC057036A5B156B735019FAA882B9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):133632
                                                                                                                                                                                                                                                    Entropy (8bit):5.868928551727267
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:mQKZG4IWJW8E60/c0nlRVFhLaNzvX2/qQvmYbtrprA3e:ZKZG7WgdnlRVgvm/qQDtrprA
                                                                                                                                                                                                                                                    MD5:C5067F04B506B09E48D4D07470E5A182
                                                                                                                                                                                                                                                    SHA1:20435C1A092141CE67E943C95E5CF522762ACD91
                                                                                                                                                                                                                                                    SHA-256:E19294BC2C145A9D87D4A2D8412830C8FF4C8C1B9AD005BD68ABD4B566AF1887
                                                                                                                                                                                                                                                    SHA-512:56F08A5EB927921DED50E92EA972253E68C1216DAA48871B3AA9ED62DB5712E665DFDA406C73E9F33736B61ED1F0CD016E6B4FFEE0237781FB98EEB63672F81E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24064
                                                                                                                                                                                                                                                    Entropy (8bit):5.260538552870905
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:k1CAOcv3ugutnS5nW8sHt+9Nie20T8DmDxPBQ/vMj75yn9OJg1Bl:kh/pWKJPy/0PUOJuB
                                                                                                                                                                                                                                                    MD5:75C14B382EEF49322BB28F79DD2A7A54
                                                                                                                                                                                                                                                    SHA1:13CCCA1F8B19D68331E7FE981113B042FAC34408
                                                                                                                                                                                                                                                    SHA-256:5049C9956310FFC80C1C21C2D8A6562BA810E4592DB7DAD92462D238D82F65C0
                                                                                                                                                                                                                                                    SHA-512:3182316DEF1F09FF45C87BF6A099EF4C4D0AFA0CFF073C54AB59159E79E096ADCA0C4912B1851DE42E5EE0FC5B6C4163FCCB833A4CCE8F2AA42079D0C11D0D7A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5653536
                                                                                                                                                                                                                                                    Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                                    MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                                    SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                                    SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                                    SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1044992
                                                                                                                                                                                                                                                    Entropy (8bit):6.005174713821525
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:cVDH7h88c4vGmhhbrGRUDG+AYZ2OWTw/3EnrE:sDHdRcgFv8qWTwco
                                                                                                                                                                                                                                                    MD5:9AF5F53A9201B7E62AC91EDC8AB89C6A
                                                                                                                                                                                                                                                    SHA1:4DDFE7AF2248A76B5DB90AF0EAF4C80E2B4CD6DB
                                                                                                                                                                                                                                                    SHA-256:F84528FC136D8ABAE77543B8E9E8C9489C4495C491807907E675C15F028816F6
                                                                                                                                                                                                                                                    SHA-512:0581BA9951452BD7B2A193B8D73573B49CB8115468B6AF8B988628670A768A6882AC4C2C9FAA559F731ADD4378DCF606C3FFEEF96AD8A479B272E6C429DC1293
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):120400
                                                                                                                                                                                                                                                    Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                                    MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                                    SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                                    SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                                    SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):49744
                                                                                                                                                                                                                                                    Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                                    MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                                    SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                                    SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                                    SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):84240
                                                                                                                                                                                                                                                    Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                                    MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                                    SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                                    SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                                    SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):179200
                                                                                                                                                                                                                                                    Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                                                    MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                                                    SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                                                    SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                                                    SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):131344
                                                                                                                                                                                                                                                    Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                                    MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                                    SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                                    SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                                    SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):277776
                                                                                                                                                                                                                                                    Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                                    MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                                    SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                                    SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                                    SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):64272
                                                                                                                                                                                                                                                    Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                                    MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                                    SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                                    SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                                    SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):157968
                                                                                                                                                                                                                                                    Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                                    MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                                    SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                                    SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                                    SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):33552
                                                                                                                                                                                                                                                    Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                                    MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                                    SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                                    SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                                    SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):83728
                                                                                                                                                                                                                                                    Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                                    MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                                    SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                                    SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                                    SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):181520
                                                                                                                                                                                                                                                    Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                                    MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                                    SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                                    SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                                    SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):38160
                                                                                                                                                                                                                                                    Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                                    MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                                    SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                                    SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                                    SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1394456
                                                                                                                                                                                                                                                    Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                                    MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                                    SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                                    SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                                    SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):299427
                                                                                                                                                                                                                                                    Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                    MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                    SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                    SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                    SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10752
                                                                                                                                                                                                                                                    Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                                    MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                                    SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                                    SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                                    SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):124928
                                                                                                                                                                                                                                                    Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                                    MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                                    SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                                    SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                                    SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                    MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                    SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                    SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                    SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:pip.
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5440
                                                                                                                                                                                                                                                    Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                                    MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                                                                                    SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                                                                                    SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                                                                                    SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15485
                                                                                                                                                                                                                                                    Entropy (8bit):5.562603127346912
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:1XxTB7oz5jF4EHRThXsI4WPm6LciTwqU+NX6in5hqw/t+B:1XX7ohCE3sIPm6LciTwqU+96inhgB
                                                                                                                                                                                                                                                    MD5:196EB487FE23136C14B43FE28FD62DAD
                                                                                                                                                                                                                                                    SHA1:B7878EA852FA6C6A9B173E60B81029B5B00BA691
                                                                                                                                                                                                                                                    SHA-256:4032FF71C85740D209A454E06F96CBC56302ACEC18E1BD539D39369292DB2110
                                                                                                                                                                                                                                                    SHA-512:F2052E1F42C8EC69DCF501FFA32B27AEC939E769786BEE1F95C24466C774987F5AA8C13B5996D6C59D04755442EB421E53E0AE5EE0148872F9BD9FE01CF3FC8E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__p
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):94
                                                                                                                                                                                                                                                    Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                                    MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                                    SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                                    SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                                    SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):197
                                                                                                                                                                                                                                                    Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                    MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                    SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                    SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                    SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):11360
                                                                                                                                                                                                                                                    Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                    MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                    SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                    SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                    SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):1532
                                                                                                                                                                                                                                                    Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                    MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                    SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                    SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                    SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):7834624
                                                                                                                                                                                                                                                    Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:oFNZj7fIo9W67PapgzJTkrXyzNzpXAbuiqCgIns3mYEXEqMrIU6i7GtlqdVwASO/:QI9X/gIFYEXME+oFNr5VQCJheq4BsxH
                                                                                                                                                                                                                                                    MD5:BFD28B03A4C32A9BCB001451FD002F67
                                                                                                                                                                                                                                                    SHA1:DD528FD5F4775E16B2E743D3188B66F1174807B2
                                                                                                                                                                                                                                                    SHA-256:8EF0F404A8BFF12FD6621D8F4F209499613F565777FE1C2A680E8A18F312D5A7
                                                                                                                                                                                                                                                    SHA-512:6DC39638435F147B399826E34F78571D7ED2ED1232275E213A2B020224C0645E379F74A0CA5DE86930D3348981C8BB03BBBECFA601F8BA781417E7114662DDEE
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):5232408
                                                                                                                                                                                                                                                    Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                                    MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                                    SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                                    SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                                    SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):39696
                                                                                                                                                                                                                                                    Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                    MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                    SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                    SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                    SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):792856
                                                                                                                                                                                                                                                    Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                                    MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                                    SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                                    SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                                    SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):67072
                                                                                                                                                                                                                                                    Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                                                    MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                                                    SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                                                    SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                                                    SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):70416
                                                                                                                                                                                                                                                    Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                                    MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                                    SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                                    SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                                    SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):6083856
                                                                                                                                                                                                                                                    Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                                    MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                                    SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                                    SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                                    SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):678400
                                                                                                                                                                                                                                                    Entropy (8bit):6.050905552138285
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:6144:r0G3L613PCcuXLq0Qroh0abOY6RWd0GrNmFKlOKdSAjUpdc6YcAQE7KytwhrPYL+:AGm16c0QroXbWnGVlOKQpdAUmN+
                                                                                                                                                                                                                                                    MD5:070B0C071A05B06223B927F1711E0B9C
                                                                                                                                                                                                                                                    SHA1:C482B1E1C1CDA3E0AEB84A0C3EF315C355BA003B
                                                                                                                                                                                                                                                    SHA-256:9D1097ABAD812B53A68C2BFCF9EFEF7559E39873950A000FAC9A7C7C5B199292
                                                                                                                                                                                                                                                    SHA-512:D05389A078C66426EA9CA3A8DF1721ABE246F59A3684DCFA9C5B031A93D96506A0D3BB8795330CFC0E81B23BBF7D91BBDE51EFFD152A234BA5ED63673F41086B
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):135680
                                                                                                                                                                                                                                                    Entropy (8bit):6.0205382324631955
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
                                                                                                                                                                                                                                                    MD5:2A87D04E9E7CBFF67E8EA4F6315C0EBB
                                                                                                                                                                                                                                                    SHA1:CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
                                                                                                                                                                                                                                                    SHA-256:D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
                                                                                                                                                                                                                                                    SHA-512:2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):30992
                                                                                                                                                                                                                                                    Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                                    MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                                    SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                                    SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                                    SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):709904
                                                                                                                                                                                                                                                    Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                                    MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                                    SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                                    SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                                    SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):14848
                                                                                                                                                                                                                                                    Entropy (8bit):5.116146861242879
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:192:ketklgde+ljBEs0I62SbPbVlQmUAaPHTPMRX7aMHvcqvn7yab6x/:/d1tT0h2SbAmFaPHTmphvH6x/
                                                                                                                                                                                                                                                    MD5:5521E251A515964D04BC90CE8A2AA24C
                                                                                                                                                                                                                                                    SHA1:F7B4AB985DC9A1C7EF2F716999D276D126515BEC
                                                                                                                                                                                                                                                    SHA-256:F382CFFA30F533484FA6314E90A1408F0826867D70B3320220FD86AAFAC37526
                                                                                                                                                                                                                                                    SHA-512:FFEB0185B6D74881B3DCA25BA1B11C33CBCF3B466F3F1B888D662611925399BA2C7D8F133673474F691C068E67811A3FAD0FC057036A5B156B735019FAA882B9
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):133632
                                                                                                                                                                                                                                                    Entropy (8bit):5.868928551727267
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:mQKZG4IWJW8E60/c0nlRVFhLaNzvX2/qQvmYbtrprA3e:ZKZG7WgdnlRVgvm/qQDtrprA
                                                                                                                                                                                                                                                    MD5:C5067F04B506B09E48D4D07470E5A182
                                                                                                                                                                                                                                                    SHA1:20435C1A092141CE67E943C95E5CF522762ACD91
                                                                                                                                                                                                                                                    SHA-256:E19294BC2C145A9D87D4A2D8412830C8FF4C8C1B9AD005BD68ABD4B566AF1887
                                                                                                                                                                                                                                                    SHA-512:56F08A5EB927921DED50E92EA972253E68C1216DAA48871B3AA9ED62DB5712E665DFDA406C73E9F33736B61ED1F0CD016E6B4FFEE0237781FB98EEB63672F81E
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):24064
                                                                                                                                                                                                                                                    Entropy (8bit):5.260538552870905
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:k1CAOcv3ugutnS5nW8sHt+9Nie20T8DmDxPBQ/vMj75yn9OJg1Bl:kh/pWKJPy/0PUOJuB
                                                                                                                                                                                                                                                    MD5:75C14B382EEF49322BB28F79DD2A7A54
                                                                                                                                                                                                                                                    SHA1:13CCCA1F8B19D68331E7FE981113B042FAC34408
                                                                                                                                                                                                                                                    SHA-256:5049C9956310FFC80C1C21C2D8A6562BA810E4592DB7DAD92462D238D82F65C0
                                                                                                                                                                                                                                                    SHA-512:3182316DEF1F09FF45C87BF6A099EF4C4D0AFA0CFF073C54AB59159E79E096ADCA0C4912B1851DE42E5EE0FC5B6C4163FCCB833A4CCE8F2AA42079D0C11D0D7A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):176
                                                                                                                                                                                                                                                    Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                                    MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                                    SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                                    SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                                    SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):10
                                                                                                                                                                                                                                                    Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                                    MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                                    SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                                    SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                                    SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:..K....}..
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):3977
                                                                                                                                                                                                                                                    Entropy (8bit):5.207873632337016
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:vDfGHhiPpPh/H4LA0uwueD/CIarfOtGux0+nPJ+11gv2KsJQgH0Be1NdqLmuFWMn:7GHhiPpPh/YLARwueD/CIarfOt3x04PZ
                                                                                                                                                                                                                                                    MD5:C879A582A94E772B8ED27295AE83145D
                                                                                                                                                                                                                                                    SHA1:A12623D13C36B4A2A2BCC419330CB2D9C8FA079D
                                                                                                                                                                                                                                                    SHA-256:11B1AAB7F9A07CBE8903D8D6EB1E6D42BE66D1BDD838C10786C1C49A2EFB36F0
                                                                                                                                                                                                                                                    SHA-512:D113A6D3BDBAA6345BC778E15CABBFF21ED3B1B79D5E02F17BF86E96F84F7F5ECCB084CC1E3F63C58C81C5356D147A4D5371D37621D90F73F6CB868D974C5708
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 22.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns:ev="http://www.w3.org/2001/xml-events".. xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 318.6 318.6".. style="enable-background:new 0 0 318.6 318.6;" xml:space="preserve">.<style type="text/css">...st0{fill:#E2761B;stroke:#E2761B;stroke-linecap:round;stroke-linejoin:round;}...st1{fill:#E4761B;stroke:#E4761B;stroke-linecap:round;stroke-linejoin:round;}...st2{fill:#D7C1B3;stroke:#D7C1B3;stroke-linecap:round;stroke-linejoin:round;}...st3{fill:#233447;stroke:#233447;stroke-linecap:round;stroke-linejoin:round;}...st4{fill:#CD6116;stroke:#CD6116;stroke-linecap:round;stroke-linejoin:round;}...st5{fill:#E4751F;stroke:#E4751F;stroke-linecap:round;stroke-linejoin:round;}...st6{fill:#F6851B;stroke:#F6851B;stroke-linecap:round;stroke-linejoin:round;}...st7{fill:#C0AD9E;
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:Web Open Font Format (Version 2), TrueType, length 48444, version 1.0
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):48444
                                                                                                                                                                                                                                                    Entropy (8bit):7.995593685409469
                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                    SSDEEP:768:dn0V9qZpy/4pR+9MzTCGXckDohHxCc/TfZQEh9UONYyPYcABoN/8rZujvB:dn0+rAmWUMooVrbZQE7NYyzABK8rQ1
                                                                                                                                                                                                                                                    MD5:8E433C0592F77BEB6DC527D7B90BE120
                                                                                                                                                                                                                                                    SHA1:D7402416753AE1BB4CBD4B10D33A0C10517838BD
                                                                                                                                                                                                                                                    SHA-256:F052EE44C3728DFD23ABA8A4567150BC314D23903026FBB6AD089422C2DF56AF
                                                                                                                                                                                                                                                    SHA-512:5E90F48B923BB95AEB49691D03DADE8825C119B2FA28977EA170C41548900F4E0165E2869F97C7A9380D7FF8FF331A1DA855500E5F7B0DFD2B9ABD77A386BBF3
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):3977
                                                                                                                                                                                                                                                    Entropy (8bit):5.207873632337016
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:vDfGHhiPpPh/H4LA0uwueD/CIarfOtGux0+nPJ+11gv2KsJQgH0Be1NdqLmuFWMn:7GHhiPpPh/YLARwueD/CIarfOt3x04PZ
                                                                                                                                                                                                                                                    MD5:C879A582A94E772B8ED27295AE83145D
                                                                                                                                                                                                                                                    SHA1:A12623D13C36B4A2A2BCC419330CB2D9C8FA079D
                                                                                                                                                                                                                                                    SHA-256:11B1AAB7F9A07CBE8903D8D6EB1E6D42BE66D1BDD838C10786C1C49A2EFB36F0
                                                                                                                                                                                                                                                    SHA-512:D113A6D3BDBAA6345BC778E15CABBFF21ED3B1B79D5E02F17BF86E96F84F7F5ECCB084CC1E3F63C58C81C5356D147A4D5371D37621D90F73F6CB868D974C5708
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://metamask.io/assets/icon.svg
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 22.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns:ev="http://www.w3.org/2001/xml-events".. xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 318.6 318.6".. style="enable-background:new 0 0 318.6 318.6;" xml:space="preserve">.<style type="text/css">...st0{fill:#E2761B;stroke:#E2761B;stroke-linecap:round;stroke-linejoin:round;}...st1{fill:#E4761B;stroke:#E4761B;stroke-linecap:round;stroke-linejoin:round;}...st2{fill:#D7C1B3;stroke:#D7C1B3;stroke-linecap:round;stroke-linejoin:round;}...st3{fill:#233447;stroke:#233447;stroke-linecap:round;stroke-linejoin:round;}...st4{fill:#CD6116;stroke:#CD6116;stroke-linecap:round;stroke-linejoin:round;}...st5{fill:#E4751F;stroke:#E4751F;stroke-linecap:round;stroke-linejoin:round;}...st6{fill:#F6851B;stroke:#F6851B;stroke-linecap:round;stroke-linejoin:round;}...st7{fill:#C0AD9E;
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):4942
                                                                                                                                                                                                                                                    Entropy (8bit):5.476815634898853
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:96:aOEaAqOEaEFZHOEadOEa73vOEaoOEaQJc+uTOEaWNDOpaAqOpaEFZHOpadOpa73m:9AN/C734nkDGAEif73RKkG5
                                                                                                                                                                                                                                                    MD5:EE0EE4739567861CC2E8994CF10E16F7
                                                                                                                                                                                                                                                    SHA1:502056CC036421E3FF1FCF1F562E83437609FBB2
                                                                                                                                                                                                                                                    SHA-256:904DC3E1BEE45978299DA81E6B6C3A731F1240118AFDE61161E2BE24C4C1031B
                                                                                                                                                                                                                                                    SHA-512:8E1934B264043E585BDFA64067F0E82DD60D1854268E809683433766B5E3C081B7AB88D0C75AE2609552A366E84EDA3DC8E4EC29F270E4DA9572A4399CCE71B4
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
                                                                                                                                                                                                                                                    Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. font-display: swa
                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                    Size (bytes):5797
                                                                                                                                                                                                                                                    Entropy (8bit):4.3203042304130985
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:tVQ1GqYS6/ZqLVl3zahlq+bnNDDOWvAuaF9ooSMYbAgVskqBG8qBb78qBPY/Jv:vO6x0VlDahlq+hDGuazYHsTcrVvpYV
                                                                                                                                                                                                                                                    MD5:EB5A16471F48503408F6F9C328D59FCF
                                                                                                                                                                                                                                                    SHA1:50B9BA487F962708F746155301AA724F8DFF9D8F
                                                                                                                                                                                                                                                    SHA-256:97DAD2D70939E479775CD46DE9753B21E58E231936789EC3765976EFF358A82F
                                                                                                                                                                                                                                                    SHA-512:5E305BDB9C50B7B69F40F29378B366F08096802B89B7A1F6BA89C9FAD578D596AC49EFE8F0897FDFF495D6622F1F8F8D1ADA50F5E5CFF28178EFD7118250C437
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    URL:https://alert-metamask.info/
                                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.. <title>MetaMask Security Notice</title>.. <link rel="icon" href="https://metamask.io/assets/icon.svg" type="image/svg+xml" />.. <style>.. @import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap');.... body {.. margin: 0;.. padding: 0;.. background: #D32F2F;.. /* Red background */.. font-family: 'Inter', sans-serif;.. display: flex;.. align-items: center;.. justify-content: center;.. height: 100vh;.. box-sizing: border-box;.. }.... .alert-box {.. background: #fff;.. border-radius: 8px;.. box-shadow: 0 2px 12px rgba(0, 0, 0, 0.2);.. width: 800px;.. max-width: 90%;.. overflow: hidden;.. d
                                                                                                                                                                                                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                    Entropy (8bit):7.995796327595277
                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                    File name:UpdaterTool.exe
                                                                                                                                                                                                                                                    File size:16'001'583 bytes
                                                                                                                                                                                                                                                    MD5:09cb59f6bbd3558b6698d029c1daccec
                                                                                                                                                                                                                                                    SHA1:37a081e1a56b7b3d7982b299fe91fa8635163369
                                                                                                                                                                                                                                                    SHA256:b88638ea23c4629fc7a28953b14ffabcf9b8fa302b552930512629c2c8a5be1a
                                                                                                                                                                                                                                                    SHA512:1270a22cd4a2cee42406fa9332061848ac5e6d895062b143209a03878f3909e058ecc09ff41f846d38e8efe14a5c4bc87541ee1c60a7e17d502985e4a5f0b9d2
                                                                                                                                                                                                                                                    SSDEEP:393216:XVlj87d5ta63hucsXMCHWUjAcuIF//PGEXTra:XVl8ZXr3hrsXMb8V1//OGa
                                                                                                                                                                                                                                                    TLSH:C7F63318AAD02ACEE5F35534D8E1814BD921FCE607F1CA8F97F587522E632C09D39993
                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..*\.Z*\.Z*\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z*\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..
                                                                                                                                                                                                                                                    Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                                                    Entrypoint:0x14000cdb0
                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                    Time Stamp:0x67564FC7 [Mon Dec 9 02:02:47 2024 UTC]
                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                    Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                                                                    call 00007FDDFCCF8E2Ch
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                                                                    jmp 00007FDDFCCF8A4Fh
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                                                                    call 00007FDDFCCF91F8h
                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                    je 00007FDDFCCF8BF3h
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                                    jmp 00007FDDFCCF8BD7h
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    cmp ecx, eax
                                                                                                                                                                                                                                                    je 00007FDDFCCF8BE6h
                                                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    cmpxchg dword ptr [0003577Ch], ecx
                                                                                                                                                                                                                                                    jne 00007FDDFCCF8BC0h
                                                                                                                                                                                                                                                    xor al, al
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                    mov al, 01h
                                                                                                                                                                                                                                                    jmp 00007FDDFCCF8BC9h
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                                                                    test ecx, ecx
                                                                                                                                                                                                                                                    jne 00007FDDFCCF8BD9h
                                                                                                                                                                                                                                                    mov byte ptr [00035765h], 00000001h
                                                                                                                                                                                                                                                    call 00007FDDFCCF8325h
                                                                                                                                                                                                                                                    call 00007FDDFCCF9610h
                                                                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                                                                    jne 00007FDDFCCF8BD6h
                                                                                                                                                                                                                                                    xor al, al
                                                                                                                                                                                                                                                    jmp 00007FDDFCCF8BE6h
                                                                                                                                                                                                                                                    call 00007FDDFCD0612Fh
                                                                                                                                                                                                                                                    test al, al
                                                                                                                                                                                                                                                    jne 00007FDDFCCF8BDBh
                                                                                                                                                                                                                                                    xor ecx, ecx
                                                                                                                                                                                                                                                    call 00007FDDFCCF9620h
                                                                                                                                                                                                                                                    jmp 00007FDDFCCF8BBCh
                                                                                                                                                                                                                                                    mov al, 01h
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                    inc eax
                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    sub esp, 20h
                                                                                                                                                                                                                                                    cmp byte ptr [0003572Ch], 00000000h
                                                                                                                                                                                                                                                    mov ebx, ecx
                                                                                                                                                                                                                                                    jne 00007FDDFCCF8C39h
                                                                                                                                                                                                                                                    cmp ecx, 01h
                                                                                                                                                                                                                                                    jnbe 00007FDDFCCF8C3Ch
                                                                                                                                                                                                                                                    call 00007FDDFCCF916Eh
                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                    je 00007FDDFCCF8BFAh
                                                                                                                                                                                                                                                    test ebx, ebx
                                                                                                                                                                                                                                                    jne 00007FDDFCCF8BF6h
                                                                                                                                                                                                                                                    dec eax
                                                                                                                                                                                                                                                    lea ecx, dword ptr [00035716h]
                                                                                                                                                                                                                                                    call 00007FDDFCD05F22h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f00 | 0x2a000 | 2a7ae207b6295492e9da088072661752 | False | 0.5514439174107143 | data | 6.487454925709845 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a50 | 0x12c00 | ab8611ba43f248db0f58c02215add553 | False | 0.5244661458333333 | data | 5.7526633002083205 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2250 | 0x2400 | f5559f14427a02f0a5dbd0dd026cae54 | False | 0.470703125 | data | 5.291665041994019 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:10.850909948 CET55658443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:10.850919008 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:10.891689062 CET55658443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:10.891789913 CET55657443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:10.891808033 CET4435565792.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:10.937427998 CET55657443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392786980 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392847061 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392889977 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392926931 CET55658443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392930984 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392945051 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.392976046 CET55658443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.398755074 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.398818970 CET55658443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.401138067 CET55658443192.168.2.492.113.16.253
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.401151896 CET4435565892.113.16.253192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.447361946 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.447385073 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.447464943 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.447707891 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.447725058 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.937446117 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.939723015 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.939743042 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.940787077 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.940870047 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.941997051 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.942056894 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.942194939 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.942200899 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:11.984234095 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056004047 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056109905 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056133986 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056191921 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056221962 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056235075 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056262016 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056288958 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056889057 CET55670443192.168.2.4185.199.108.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.056904078 CET44355670185.199.108.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.078309059 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.078351021 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.078496933 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.078807116 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.078815937 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.540036917 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.551825047 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.551863909 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.552970886 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.553072929 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.554833889 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.554900885 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.555002928 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.594645023 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.594671011 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.642641068 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.686109066 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.686172962 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.686217070 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.686278105 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.686304092 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.686359882 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.882513046 CET55677443192.168.2.4185.199.111.153
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:12.882543087 CET44355677185.199.111.153192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.146289110 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.146307945 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.146531105 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.146828890 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.146840096 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.797843933 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.798547983 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.798569918 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.799634933 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.799700022 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.801106930 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.801175117 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.855648994 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.855662107 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:13.896459103 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:23.698246002 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:23.698306084 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:23.698507071 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:25.310750008 CET55685443192.168.2.4172.217.16.196
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:25.310772896 CET44355685172.217.16.196192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:39.360726118 CET805564584.32.84.152192.168.2.4
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:39.360806942 CET5564580192.168.2.484.32.84.152
                                                                                                                                                                                                                                                    Jan 6, 2025 16:01:40.753561020 CET4435565792.113.16.253192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 16:00:06.156497002 CET | 192.168.2.4 | 1.1.1.1 | 0xd12 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:08.754987001 CET | 192.168.2.4 | 1.1.1.1 | 0xe6bd | Standard query (0) | alert-metamask.info | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:08.755208969 CET | 192.168.2.4 | 1.1.1.1 | 0xe3d9 | Standard query (0) | alert-metamask.info | 65 | IN (0x0001) | false
Jan 6, 2025 16:01:09.698808908 CET | 192.168.2.4 | 1.1.1.1 | 0xff11 | Standard query (0) | alert-metamask.info | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:09.699132919 CET | 192.168.2.4 | 1.1.1.1 | 0x75b | Standard query (0) | alert-metamask.info | 65 | IN (0x0001) | false
Jan 6, 2025 16:01:11.437485933 CET | 192.168.2.4 | 1.1.1.1 | 0x4849 | Standard query (0) | metamask.io | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:11.437684059 CET | 192.168.2.4 | 1.1.1.1 | 0x6f | Standard query (0) | metamask.io | 65 | IN (0x0001) | false
Jan 6, 2025 16:01:12.065301895 CET | 192.168.2.4 | 1.1.1.1 | 0x119e | Standard query (0) | metamask.io | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:12.065485001 CET | 192.168.2.4 | 1.1.1.1 | 0x34dc | Standard query (0) | metamask.io | 65 | IN (0x0001) | false
Jan 6, 2025 16:01:13.138358116 CET | 192.168.2.4 | 1.1.1.1 | 0xe4ef | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:13.138545990 CET | 192.168.2.4 | 1.1.1.1 | 0x897d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 16:00:06.163234949 CET | 1.1.1.1 | 192.168.2.4 | 0xd12 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:08.798168898 CET | 1.1.1.1 | 192.168.2.4 | 0xe6bd | No error (0) | alert-metamask.info |  | 84.32.84.152 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:09.877078056 CET | 1.1.1.1 | 192.168.2.4 | 0xff11 | No error (0) | alert-metamask.info |  | 92.113.16.253 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:11.444561005 CET | 1.1.1.1 | 192.168.2.4 | 0x4849 | No error (0) | metamask.io |  | 185.199.108.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:11.444561005 CET | 1.1.1.1 | 192.168.2.4 | 0x4849 | No error (0) | metamask.io |  | 185.199.109.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:11.444561005 CET | 1.1.1.1 | 192.168.2.4 | 0x4849 | No error (0) | metamask.io |  | 185.199.111.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:11.444561005 CET | 1.1.1.1 | 192.168.2.4 | 0x4849 | No error (0) | metamask.io |  | 185.199.110.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:12.072521925 CET | 1.1.1.1 | 192.168.2.4 | 0x119e | No error (0) | metamask.io |  | 185.199.111.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:12.072521925 CET | 1.1.1.1 | 192.168.2.4 | 0x119e | No error (0) | metamask.io |  | 185.199.109.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:12.072521925 CET | 1.1.1.1 | 192.168.2.4 | 0x119e | No error (0) | metamask.io |  | 185.199.108.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:12.072521925 CET | 1.1.1.1 | 192.168.2.4 | 0x119e | No error (0) | metamask.io |  | 185.199.110.153 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:13.145154953 CET | 1.1.1.1 | 192.168.2.4 | 0xe4ef | No error (0) | www.google.com |  | 172.217.16.196 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 16:01:13.145276070 CET | 1.1.1.1 | 192.168.2.4 | 0x897d | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
• alert-metamask.info
• https:
  • metamask.io
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 55644 | 84.32.84.152 | 80 | 7120 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 16:01:08.989310980 CET | 434 | OUT |
GET / HTTP/1.1
Host: alert-metamask.info
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Jan 6, 2025 16:01:09.687978029 CET | 1225 | IN |
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Jan 2025 15:01:09 GMT
Content-Type: text/html
Content-Length: 795
Connection: keep-alive
location: https://alert-metamask.info/
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 561e9d39e9b256c8772b1c36e42f94ff-bos-edge2
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.219
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

Jan 6, 2025 16:01:54.698721886 CET | 6 | OUT |
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 55658 | 92.113.16.253 | 443 | 7120 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 15:01:10 UTC | 662 | OUT | GET / HTTP/1.1
Host: alert-metamask.info
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 15:01:11 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 15:01:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
last-modified: Sun, 08 Dec 2024 21:45:27 GMT
etag: W/"16a5-67561377-e0ad82fa1db47819;gz"
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
Server: hcdn
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: a738841af8c5b7bf9d9b94d65ed3f048-fra-edge2
x-hcdn-cache-status: DYNAMIC
x-hcdn-upstream-rt: 0.278
2025-01-06 15:01:11 UTC | 875 | IN | Data Ascii: 16a5<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>MetaMask Security Notice</title> <link rel="icon" href="https://metamask.io/asse
2025-01-06 15:01:11 UTC | 1369 | IN | Data Ascii: 2px 12px rgba(0, 0, 0, 0.2); width: 800px; max-width: 90%; overflow: hidden; display: flex; flex-direction: column; } .top-section { background: #fff;
2025-01-06 15:01:11 UTC | 1369 | IN | Data Ascii: #333; margin-bottom: 10px; line-height: 1.4; font-weight: 700; } .bottom-section a { color: #1976D2; text-decoration: none; font-weight: 700; wo
2025-01-06 15:01:11 UTC | 1369 | IN | Data Ascii: !</span> Ethereum Phishing Detection </p> </div> <div class="bottom-section"> <p class="official-note">This is an official MetaMask security notification.</p> <p> Dear MetaMask user
2025-01-06 15:01:11 UTC | 828 | IN | Data Ascii: <p> If you have any questions, please contact the official MetaMask support team. </p> <div class="additional-links"> <p>For more security tips, visit: <a href="https://metam


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 55670 | 185.199.108.153 | 443 | 7120 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 15:01:11 UTC | 589 | OUT | GET /assets/icon.svg HTTP/1.1
Host: metamask.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://alert-metamask.info/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-06 15:01:12 UTC | 638 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 3977
Server: GitHub.com
Content-Type: image/svg+xml
Last-Modified: Mon, 06 Jan 2025 13:19:08 GMT
Access-Control-Allow-Origin: *
ETag: "677bd84c-f89"
expires: Mon, 06 Jan 2025 15:11:12 GMT
Cache-Control: max-age=600
x-proxy-cache: MISS
X-GitHub-Request-Id: B221:359B6D:3ABCE4F:4357CB6:677BF037
Accept-Ranges: bytes
Age: 0
Date: Mon, 06 Jan 2025 15:01:12 GMT
Via: 1.1 varnish
X-Served-By: cache-ewr-kewr1740063-EWR
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1736175672.991762,VS0,VE16
Vary: Accept-Encoding
X-Fastly-Request-ID: f0a44b704514dbc3f7ba3d779841e8ab8a2831c9
2025-01-06 15:01:12 UTC | 1378 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?>... Generator: Adobe Illustrator 22.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_1" xmlns:ev="http://www.w3.org/2001/xml-events" xmlns="http://www.w3.org/2000/svg" xmlns:x
2025-01-06 15:01:12 UTC | 1378 | IN | Data Ascii: s="st1" points="238.3,206.8 211.8,247.4 268.5,263 284.8,207.7 "/><polygon class="st1" points="33.9,207.7 50.1,263 106.8,247.4 80.3,206.8 "/><polygon class="st1" points="103.6,138.2 87.8,162.1 144.1,164.6 142.1,104.1 "/><polygon class="st1" points
2025-01-06 15:01:12 UTC | 1221 | IN | Data Ascii: .6 173.1,227.6 179.8,193.5 "/></g><polygon class="st6" points="179.8,193.5 173.1,227.6 177.9,230.9 207.1,208.1 208.1,185.2 "/><polygon class="st6" points="110.6,185.2 111.4,208.1 140.6,230.9 145.4,227.6 138.8,193.5 "/><polygon class="st7" points="180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 55677 | 185.199.111.153 | 443 | 7120 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 15:01:12 UTC | 350 | OUT | GET /assets/icon.svg HTTP/1.1
                                                                                                                                                                                                                                                    Host: metamask.io
                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2025-01-06 15:01:12 UTC | 638 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Content-Length: 3977
                                                                                                                                                                                                                                                    Server: GitHub.com
                                                                                                                                                                                                                                                    Content-Type: image/svg+xml
                                                                                                                                                                                                                                                    Last-Modified: Mon, 06 Jan 2025 13:19:08 GMT
                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                    ETag: "677bd84c-f89"
                                                                                                                                                                                                                                                    expires: Mon, 06 Jan 2025 15:11:12 GMT
                                                                                                                                                                                                                                                    Cache-Control: max-age=600
                                                                                                                                                                                                                                                    x-proxy-cache: MISS
                                                                                                                                                                                                                                                    X-GitHub-Request-Id: 3517:16728E:38D7CB3:3F0DD41:677BF035
                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                    Age: 0
                                                                                                                                                                                                                                                    Date: Mon, 06 Jan 2025 15:01:12 GMT
                                                                                                                                                                                                                                                    Via: 1.1 varnish
                                                                                                                                                                                                                                                    X-Served-By: cache-nyc-kteb1890026-NYC
                                                                                                                                                                                                                                                    X-Cache: MISS
                                                                                                                                                                                                                                                    X-Cache-Hits: 0
                                                                                                                                                                                                                                                    X-Timer: S1736175673.604995,VS0,VE18
                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                    X-Fastly-Request-ID: a151e34e3df002bf2084e88c449b15118a21e8d7



                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:10:00:00
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\UpdaterTool.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff6e5780000
                                                                                                                                                                                                                                                    File size:16'001'583 bytes
                                                                                                                                                                                                                                                    MD5 hash:09CB59F6BBD3558B6698D029C1DACCEC
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                                    Start time:10:00:01
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\UpdaterTool.exe"
                                                                                                                                                                                                                                                    Imagebase:0x7ff6e5780000
                                                                                                                                                                                                                                                    File size:16'001'583 bytes
                                                                                                                                                                                                                                                    MD5 hash:09CB59F6BBD3558B6698D029C1DACCEC
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                                    Start time:10:00:06
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST"
                                                                                                                                                                                                                                                    Imagebase:0x7ff657640000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                    Start time:10:00:06
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                    Start time:10:00:06
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                                                                                    Imagebase:0x7ff76f990000
                                                                                                                                                                                                                                                    File size:235'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                    Start time:10:00:07
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    Imagebase:0x7ff6e5780000
                                                                                                                                                                                                                                                    File size:16'001'583 bytes
                                                                                                                                                                                                                                                    MD5 hash:09CB59F6BBD3558B6698D029C1DACCEC
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                    Start time:10:00:09
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                    Imagebase:0x7ff6e5780000
                                                                                                                                                                                                                                                    File size:16'001'583 bytes
                                                                                                                                                                                                                                                    MD5 hash:09CB59F6BBD3558B6698D029C1DACCEC
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                    Start time:10:00:13
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c "schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST"
                                                                                                                                                                                                                                                    Imagebase:0x7ff657640000
                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                    Start time:10:00:13
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                    Start time:10:00:13
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:schtasks /create /tn "SystemUpdateTask" /tr "C:\Users\user\Desktop\UpdaterTool.exe" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                                                                                    Imagebase:0x7ff76f990000
                                                                                                                                                                                                                                                    File size:235'008 bytes
                                                                                                                                                                                                                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                                                    Start time:10:01:06
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://alert-metamask.info/
                                                                                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                                                    Start time:10:01:07
                                                                                                                                                                                                                                                    Start date:06/01/2025
                                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,3885513550755460943,12905883307123306454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false


                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                      Execution Coverage:9.5%
                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                      Signature Coverage:20%
                                                                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                                                                      Total number of Limit Nodes:39
7ff6e5788830 14 API calls 17161->17163 17162 7ff6e5784008 17165 7ff6e5784035 17162->17165 17166 7ff6e5784012 PostMessageW GetMessageW 17162->17166 17169 7ff6e5783e16 __vcrt_freefls 17163->17169 17164 7ff6e5783f1b 17405 7ff6e57833c0 17164->17405 17555 7ff6e5783360 17165->17555 17166->17165 17171 7ff6e5783ef2 17169->17171 17175 7ff6e5783e4e 17169->17175 17174 7ff6e5788940 40 API calls 17171->17174 17174->17203 17175->17203 17481 7ff6e5786dc0 17175->17481 17203->17162 17203->17164 17214 7ff6e5799b43 17213->17214 17215 7ff6e5799b64 17213->17215 17214->17059 19474 7ff6e579a3d8 17215->19474 17219 7ff6e578d2c9 17218->17219 17219->17067 17222 7ff6e578cfa1 17220->17222 17221 7ff6e578cd60 17221->17057 17222->17221 17223 7ff6e578d888 7 API calls 17222->17223 17223->17221 17225 7ff6e578d152 _isindst memcpy_s 17224->17225 17226 7ff6e578d171 RtlCaptureContext RtlLookupFunctionEntry 17225->17226 17227 7ff6e578d1d6 memcpy_s 17226->17227 17228 7ff6e578d19a RtlVirtualUnwind 17226->17228 17229 7ff6e578d208 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17227->17229 17228->17227 17230 7ff6e578d256 _isindst 17229->17230 17230->17055 17232 7ff6e578d890 17231->17232 17233 7ff6e578d89a 17231->17233 17237 7ff6e578dc24 17232->17237 17233->17073 17238 7ff6e578d895 17237->17238 17239 7ff6e578dc33 17237->17239 17241 7ff6e578dc90 17238->17241 17245 7ff6e578de60 17239->17245 17242 7ff6e578dcbb 17241->17242 17243 7ff6e578dc9e DeleteCriticalSection 17242->17243 17244 7ff6e578dcbf 17242->17244 17243->17242 17244->17233 17249 7ff6e578dcc8 17245->17249 17250 7ff6e578ddb2 TlsFree 17249->17250 17255 7ff6e578dd0c __vcrt_InitializeCriticalSectionEx 17249->17255 17251 7ff6e578dd3a LoadLibraryExW 17252 7ff6e578ddd9 17251->17252 17253 7ff6e578dd5b GetLastError 17251->17253 17254 7ff6e578ddf9 GetProcAddress 17252->17254 17256 7ff6e578ddf0 FreeLibrary 17252->17256 17253->17255 17254->17250 17255->17250 17255->17251 17255->17254 17257 7ff6e578dd7d LoadLibraryExW 17255->17257 
17256->17254 17257->17252 17257->17255 17259 7ff6e579f480 17258->17259 17261 7ff6e579f526 17259->17261 17262 7ff6e579f4d3 17259->17262 17260 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17264 7ff6e579f4fc 17260->17264 17568 7ff6e579f358 17261->17568 17262->17260 17264->17082 17576 7ff6e578c850 17265->17576 17267 7ff6e57836bc GetModuleFileNameW 17268 7ff6e57836eb GetLastError 17267->17268 17269 7ff6e5783710 17267->17269 17583 7ff6e5782c50 17268->17583 17578 7ff6e5789280 FindFirstFileExW 17269->17578 17273 7ff6e578377d 17609 7ff6e5789440 17273->17609 17274 7ff6e5783723 17598 7ff6e5789300 CreateFileW 17274->17598 17275 7ff6e578c550 _log10_special 8 API calls 17278 7ff6e57837b5 17275->17278 17278->17127 17287 7ff6e5781950 17278->17287 17280 7ff6e578378b 17283 7ff6e5783706 17280->17283 17284 7ff6e5782810 49 API calls 17280->17284 17281 7ff6e578374c __vcrt_InitializeCriticalSectionEx 17281->17273 17282 7ff6e5783734 17601 7ff6e5782810 17282->17601 17283->17275 17284->17283 17288 7ff6e57845c0 108 API calls 17287->17288 17289 7ff6e5781985 17288->17289 17290 7ff6e5781c43 17289->17290 17292 7ff6e5787f90 83 API calls 17289->17292 17291 7ff6e578c550 _log10_special 8 API calls 17290->17291 17294 7ff6e5781c5e 17291->17294 17293 7ff6e57819cb 17292->17293 17336 7ff6e5781a03 17293->17336 17954 7ff6e57906d4 17293->17954 17294->17089 17294->17090 17296 7ff6e579004c 74 API calls 17296->17290 17297 7ff6e57819e5 17298 7ff6e57819e9 17297->17298 17299 7ff6e5781a08 17297->17299 17300 7ff6e5794f08 memcpy_s 11 API calls 17298->17300 17958 7ff6e579039c 17299->17958 17302 7ff6e57819ee 17300->17302 17961 7ff6e5782910 17302->17961 17305 7ff6e5781a26 17307 7ff6e5794f08 memcpy_s 11 API calls 17305->17307 17306 7ff6e5781a45 17309 7ff6e5781a5c 17306->17309 17310 7ff6e5781a7b 17306->17310 17308 7ff6e5781a2b 17307->17308 17311 7ff6e5782910 54 API calls 17308->17311 17312 7ff6e5794f08 memcpy_s 11 API calls 17309->17312 17313 7ff6e5781c80 49 API calls 17310->17313 17311->17336 17314 7ff6e5781a61 
17312->17314 17315 7ff6e5781a92 17313->17315 17316 7ff6e5782910 54 API calls 17314->17316 17317 7ff6e5781c80 49 API calls 17315->17317 17316->17336 17318 7ff6e5781add 17317->17318 17319 7ff6e57906d4 73 API calls 17318->17319 17320 7ff6e5781b01 17319->17320 17321 7ff6e5781b16 17320->17321 17322 7ff6e5781b35 17320->17322 17323 7ff6e5794f08 memcpy_s 11 API calls 17321->17323 17324 7ff6e579039c _fread_nolock 53 API calls 17322->17324 17325 7ff6e5781b1b 17323->17325 17326 7ff6e5781b4a 17324->17326 17327 7ff6e5782910 54 API calls 17325->17327 17328 7ff6e5781b50 17326->17328 17329 7ff6e5781b6f 17326->17329 17327->17336 17331 7ff6e5794f08 memcpy_s 11 API calls 17328->17331 17976 7ff6e5790110 17329->17976 17333 7ff6e5781b55 17331->17333 17334 7ff6e5782910 54 API calls 17333->17334 17334->17336 17335 7ff6e5782710 54 API calls 17335->17336 17336->17296 17338 7ff6e578883a 17337->17338 17339 7ff6e5789390 2 API calls 17338->17339 17340 7ff6e5788859 GetEnvironmentVariableW 17339->17340 17341 7ff6e57888c2 17340->17341 17342 7ff6e5788876 ExpandEnvironmentStringsW 17340->17342 17344 7ff6e578c550 _log10_special 8 API calls 17341->17344 17342->17341 17343 7ff6e5788898 17342->17343 17345 7ff6e5789440 2 API calls 17343->17345 17346 7ff6e57888d4 17344->17346 17347 7ff6e57888aa 17345->17347 17346->17099 17348 7ff6e578c550 _log10_special 8 API calls 17347->17348 17349 7ff6e57888ba 17348->17349 17349->17099 17351 7ff6e57890f5 17350->17351 18191 7ff6e5788570 GetCurrentProcess OpenProcessToken 17351->18191 17354 7ff6e5788570 7 API calls 17355 7ff6e5789121 17354->17355 17356 7ff6e5789154 17355->17356 17357 7ff6e578913a 17355->17357 17359 7ff6e57826b0 48 API calls 17356->17359 17358 7ff6e57826b0 48 API calls 17357->17358 17360 7ff6e5789152 17358->17360 17361 7ff6e5789167 LocalFree LocalFree 17359->17361 17360->17361 17362 7ff6e5789183 17361->17362 17365 7ff6e578918f 17361->17365 18201 7ff6e5782b50 17362->18201 17364 7ff6e578c550 _log10_special 8 API calls 17366 7ff6e5783c55 17364->17366 
17365->17364 17366->17144 17367 7ff6e5788660 17366->17367 17368 7ff6e5788678 17367->17368 17369 7ff6e57886fa GetTempPathW GetCurrentProcessId 17368->17369 17370 7ff6e578869c 17368->17370 18210 7ff6e57825c0 17369->18210 17372 7ff6e5788830 14 API calls 17370->17372 17373 7ff6e57886a8 17372->17373 18217 7ff6e57881d0 17373->18217 17374 7ff6e5788728 __vcrt_freefls 17386 7ff6e5788765 __vcrt_freefls 17374->17386 18214 7ff6e5798b68 17374->18214 17385 7ff6e578c550 _log10_special 8 API calls 17391 7ff6e5789390 2 API calls 17386->17391 17399 7ff6e57887d4 __vcrt_freefls 17386->17399 17392 7ff6e57887b1 17391->17392 17399->17385 17401 7ff6e57893b2 MultiByteToWideChar 17400->17401 17402 7ff6e57893d6 17400->17402 17401->17402 17404 7ff6e57893ec __vcrt_freefls 17401->17404 17403 7ff6e57893f3 MultiByteToWideChar 17402->17403 17402->17404 17403->17404 17404->17156 17417 7ff6e57833ce memcpy_s 17405->17417 17406 7ff6e578c550 _log10_special 8 API calls 17408 7ff6e5783664 17406->17408 17407 7ff6e57835c7 17407->17406 17408->17127 17424 7ff6e57890c0 LocalFree 17408->17424 17410 7ff6e5781c80 49 API calls 17410->17417 17411 7ff6e57835e2 17413 7ff6e5782710 54 API calls 17411->17413 17413->17407 17416 7ff6e57835c9 17419 7ff6e5782710 54 API calls 17416->17419 17417->17407 17417->17410 17417->17411 17417->17416 17418 7ff6e5782a50 54 API calls 17417->17418 17422 7ff6e57835d0 17417->17422 18397 7ff6e5784560 17417->18397 18403 7ff6e5787e20 17417->18403 18414 7ff6e5781600 17417->18414 18462 7ff6e5787120 17417->18462 18466 7ff6e5784190 17417->18466 18510 7ff6e5784450 17417->18510 17418->17417 17419->17407 17423 7ff6e5782710 54 API calls 17422->17423 17423->17407 17426 7ff6e5781ca5 17425->17426 17427 7ff6e5794984 49 API calls 17426->17427 17428 7ff6e5781cc8 17427->17428 17428->17094 17430 7ff6e5789390 2 API calls 17429->17430 17431 7ff6e57889b4 17430->17431 17432 7ff6e5798238 38 API calls 17431->17432 17433 7ff6e57889c6 __vcrt_freefls 17432->17433 17433->17106 17435 7ff6e57845cc 17434->17435 17436 
7ff6e5789390 2 API calls 17435->17436 17437 7ff6e57845f4 17436->17437 17438 7ff6e5789390 2 API calls 17437->17438 17439 7ff6e5784607 17438->17439 18677 7ff6e5795f94 17439->18677 17442 7ff6e578c550 _log10_special 8 API calls 17443 7ff6e578392b 17442->17443 17443->17095 17444 7ff6e5787f90 17443->17444 17445 7ff6e5787fb4 17444->17445 17446 7ff6e578808b __vcrt_freefls 17445->17446 17447 7ff6e57906d4 73 API calls 17445->17447 17446->17100 17448 7ff6e5787fd0 17447->17448 17448->17446 19068 7ff6e57978c8 17448->19068 17450 7ff6e5787fe5 17450->17446 17451 7ff6e57906d4 73 API calls 17450->17451 17452 7ff6e579039c _fread_nolock 53 API calls 17450->17452 17451->17450 17452->17450 17454 7ff6e579007c 17453->17454 19083 7ff6e578fe28 17454->19083 17456 7ff6e5790095 17456->17095 17458 7ff6e578c850 17457->17458 17459 7ff6e5782734 GetCurrentProcessId 17458->17459 17460 7ff6e5781c80 49 API calls 17459->17460 17461 7ff6e5782787 17460->17461 17462 7ff6e5794984 49 API calls 17461->17462 17463 7ff6e57827cf 17462->17463 17464 7ff6e5782620 12 API calls 17463->17464 17465 7ff6e57827f1 17464->17465 17466 7ff6e578c550 _log10_special 8 API calls 17465->17466 17467 7ff6e5782801 17466->17467 17467->17127 17469 7ff6e5789390 2 API calls 17468->17469 17470 7ff6e578895c 17469->17470 17471 7ff6e5789390 2 API calls 17470->17471 17472 7ff6e578896c 17471->17472 17473 7ff6e5798238 38 API calls 17472->17473 17474 7ff6e578897a __vcrt_freefls 17473->17474 17474->17110 17476 7ff6e5781c80 49 API calls 17475->17476 17477 7ff6e57844fd 17476->17477 17477->17139 17479 7ff6e5781c80 49 API calls 17478->17479 17480 7ff6e5784660 17479->17480 17480->17157 17482 7ff6e5786dd5 17481->17482 17483 7ff6e5783e6c 17482->17483 17484 7ff6e5794f08 memcpy_s 11 API calls 17482->17484 17487 7ff6e5787340 17483->17487 17485 7ff6e5786de2 17484->17485 17486 7ff6e5782910 54 API calls 17485->17486 17486->17483 19094 7ff6e5781470 17487->19094 19200 7ff6e5786360 17555->19200 17575 7ff6e579546c EnterCriticalSection 17568->17575 17577 
7ff6e578c87a 17576->17577 17577->17267 17577->17577 17579 7ff6e57892bf FindClose 17578->17579 17580 7ff6e57892d2 17578->17580 17579->17580 17581 7ff6e578c550 _log10_special 8 API calls 17580->17581 17582 7ff6e578371a 17581->17582 17582->17273 17582->17274 17584 7ff6e578c850 17583->17584 17585 7ff6e5782c70 GetCurrentProcessId 17584->17585 17614 7ff6e57826b0 17585->17614 17587 7ff6e5782cb9 17618 7ff6e5794bd8 17587->17618 17590 7ff6e57826b0 48 API calls 17591 7ff6e5782d34 FormatMessageW 17590->17591 17593 7ff6e5782d6d 17591->17593 17594 7ff6e5782d7f MessageBoxW 17591->17594 17596 7ff6e57826b0 48 API calls 17593->17596 17595 7ff6e578c550 _log10_special 8 API calls 17594->17595 17597 7ff6e5782daf 17595->17597 17596->17594 17597->17283 17599 7ff6e5789340 GetFinalPathNameByHandleW CloseHandle 17598->17599 17600 7ff6e5783730 17598->17600 17599->17600 17600->17281 17600->17282 17602 7ff6e5782834 17601->17602 17603 7ff6e57826b0 48 API calls 17602->17603 17604 7ff6e5782887 17603->17604 17605 7ff6e5794bd8 48 API calls 17604->17605 17606 7ff6e57828d0 MessageBoxW 17605->17606 17607 7ff6e578c550 _log10_special 8 API calls 17606->17607 17608 7ff6e5782900 17607->17608 17608->17283 17610 7ff6e5789495 17609->17610 17611 7ff6e578946a WideCharToMultiByte 17609->17611 17612 7ff6e57894b2 WideCharToMultiByte 17610->17612 17613 7ff6e57894ab __vcrt_freefls 17610->17613 17611->17610 17611->17613 17612->17613 17613->17280 17615 7ff6e57826d5 17614->17615 17616 7ff6e5794bd8 48 API calls 17615->17616 17617 7ff6e57826f8 17616->17617 17617->17587 17620 7ff6e5794c32 17618->17620 17619 7ff6e5794c57 17621 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17619->17621 17620->17619 17622 7ff6e5794c93 17620->17622 17625 7ff6e5794c81 17621->17625 17636 7ff6e5792f90 17622->17636 17626 7ff6e578c550 _log10_special 8 API calls 17625->17626 17628 7ff6e5782d04 17626->17628 17627 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17627->17625 17628->17590 17629 7ff6e5794d49 17634 
7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17629->17634 17630 7ff6e5794d9a 17632 7ff6e5794d74 17630->17632 17633 7ff6e5794da4 17630->17633 17631 7ff6e5794d40 17631->17629 17631->17632 17632->17627 17635 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17633->17635 17634->17625 17635->17625 17637 7ff6e5792fce 17636->17637 17638 7ff6e5792fbe 17636->17638 17639 7ff6e5792fd7 17637->17639 17644 7ff6e5793005 17637->17644 17641 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17638->17641 17642 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17639->17642 17640 7ff6e5792ffd 17640->17629 17640->17630 17640->17631 17640->17632 17641->17640 17642->17640 17644->17638 17644->17640 17647 7ff6e57939a4 17644->17647 17680 7ff6e57933f0 17644->17680 17717 7ff6e5792b80 17644->17717 17648 7ff6e57939e6 17647->17648 17649 7ff6e5793a57 17647->17649 17652 7ff6e5793a81 17648->17652 17653 7ff6e57939ec 17648->17653 17650 7ff6e5793ab0 17649->17650 17651 7ff6e5793a5c 17649->17651 17658 7ff6e5793ac7 17650->17658 17660 7ff6e5793aba 17650->17660 17665 7ff6e5793abf 17650->17665 17656 7ff6e5793a5e 17651->17656 17657 7ff6e5793a91 17651->17657 17740 7ff6e5791d54 17652->17740 17654 7ff6e5793a20 17653->17654 17655 7ff6e57939f1 17653->17655 17661 7ff6e57939f7 17654->17661 17654->17665 17655->17658 17655->17661 17659 7ff6e5793a00 17656->17659 17669 7ff6e5793a6d 17656->17669 17747 7ff6e5791944 17657->17747 17754 7ff6e57946ac 17658->17754 17678 7ff6e5793af0 17659->17678 17720 7ff6e5794158 17659->17720 17660->17652 17660->17665 17661->17659 17668 7ff6e5793a32 17661->17668 17676 7ff6e5793a1b 17661->17676 17665->17678 17758 7ff6e5792164 17665->17758 17668->17678 17730 7ff6e5794494 17668->17730 17669->17652 17670 7ff6e5793a72 17669->17670 17670->17678 17736 7ff6e5794558 17670->17736 17672 7ff6e578c550 _log10_special 8 API calls 17673 7ff6e5793dea 17672->17673 17673->17644 17676->17678 17679 7ff6e5793cdc 17676->17679 17765 7ff6e57947c0 17676->17765 
17678->17672 17679->17678 17771 7ff6e579ea08 17679->17771 17681 7ff6e57933fe 17680->17681 17682 7ff6e5793414 17680->17682 17683 7ff6e5793454 17681->17683 17685 7ff6e57939e6 17681->17685 17686 7ff6e5793a57 17681->17686 17682->17683 17684 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17682->17684 17683->17644 17684->17683 17689 7ff6e5793a81 17685->17689 17690 7ff6e57939ec 17685->17690 17687 7ff6e5793ab0 17686->17687 17688 7ff6e5793a5c 17686->17688 17695 7ff6e5793ac7 17687->17695 17697 7ff6e5793aba 17687->17697 17702 7ff6e5793abf 17687->17702 17693 7ff6e5793a5e 17688->17693 17694 7ff6e5793a91 17688->17694 17699 7ff6e5791d54 38 API calls 17689->17699 17691 7ff6e5793a20 17690->17691 17692 7ff6e57939f1 17690->17692 17698 7ff6e57939f7 17691->17698 17691->17702 17692->17695 17692->17698 17696 7ff6e5793a00 17693->17696 17705 7ff6e5793a6d 17693->17705 17700 7ff6e5791944 38 API calls 17694->17700 17703 7ff6e57946ac 45 API calls 17695->17703 17701 7ff6e5794158 47 API calls 17696->17701 17715 7ff6e5793af0 17696->17715 17697->17689 17697->17702 17698->17696 17706 7ff6e5793a32 17698->17706 17712 7ff6e5793a1b 17698->17712 17699->17712 17700->17712 17701->17712 17704 7ff6e5792164 38 API calls 17702->17704 17702->17715 17703->17712 17704->17712 17705->17689 17707 7ff6e5793a72 17705->17707 17708 7ff6e5794494 46 API calls 17706->17708 17706->17715 17710 7ff6e5794558 37 API calls 17707->17710 17707->17715 17708->17712 17709 7ff6e578c550 _log10_special 8 API calls 17711 7ff6e5793dea 17709->17711 17710->17712 17711->17644 17713 7ff6e57947c0 45 API calls 17712->17713 17712->17715 17716 7ff6e5793cdc 17712->17716 17713->17716 17714 7ff6e579ea08 46 API calls 17714->17716 17715->17709 17716->17714 17716->17715 17937 7ff6e5790fc8 17717->17937 17721 7ff6e579417e 17720->17721 17783 7ff6e5790b80 17721->17783 17726 7ff6e57947c0 45 API calls 17728 7ff6e57942c3 17726->17728 17727 7ff6e57947c0 45 API calls 17729 7ff6e5794351 17727->17729 17728->17727 17728->17728 17728->17729 17729->17676 17732 
7ff6e57944c9 17730->17732 17731 7ff6e579450e 17731->17676 17732->17731 17733 7ff6e57944e7 17732->17733 17734 7ff6e57947c0 45 API calls 17732->17734 17735 7ff6e579ea08 46 API calls 17733->17735 17734->17733 17735->17731 17737 7ff6e5794579 17736->17737 17738 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17737->17738 17739 7ff6e57945aa 17737->17739 17738->17739 17739->17676 17741 7ff6e5791d87 17740->17741 17742 7ff6e5791db6 17741->17742 17744 7ff6e5791e73 17741->17744 17746 7ff6e5791df3 17742->17746 17910 7ff6e5790c28 17742->17910 17745 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17744->17745 17745->17746 17746->17676 17748 7ff6e5791977 17747->17748 17749 7ff6e57919a6 17748->17749 17751 7ff6e5791a63 17748->17751 17750 7ff6e5790c28 12 API calls 17749->17750 17753 7ff6e57919e3 17749->17753 17750->17753 17752 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17751->17752 17752->17753 17753->17676 17755 7ff6e57946ef 17754->17755 17757 7ff6e57946f3 __crtLCMapStringW 17755->17757 17918 7ff6e5794748 17755->17918 17757->17676 17759 7ff6e5792197 17758->17759 17760 7ff6e57921c6 17759->17760 17762 7ff6e5792283 17759->17762 17761 7ff6e5790c28 12 API calls 17760->17761 17764 7ff6e5792203 17760->17764 17761->17764 17763 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17762->17763 17763->17764 17764->17676 17766 7ff6e57947d7 17765->17766 17922 7ff6e579d9b8 17766->17922 17772 7ff6e579ea39 17771->17772 17778 7ff6e579ea47 17771->17778 17773 7ff6e579ea67 17772->17773 17774 7ff6e57947c0 45 API calls 17772->17774 17772->17778 17775 7ff6e579ea9f 17773->17775 17776 7ff6e579ea78 17773->17776 17774->17773 17775->17778 17779 7ff6e579eb2a 17775->17779 17781 7ff6e579eac9 17775->17781 17930 7ff6e57a00a0 17776->17930 17778->17679 17780 7ff6e579f8a0 _fread_nolock MultiByteToWideChar 17779->17780 17780->17778 17781->17778 17782 7ff6e579f8a0 _fread_nolock MultiByteToWideChar 17781->17782 17782->17778 17784 7ff6e5790bb7 17783->17784 17790 7ff6e5790ba6 17783->17790 17785 
7ff6e579d5fc _fread_nolock 12 API calls 17784->17785 17784->17790 17786 7ff6e5790be4 17785->17786 17787 7ff6e5790bf8 17786->17787 17788 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17786->17788 17789 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17787->17789 17788->17787 17789->17790 17791 7ff6e579e570 17790->17791 17792 7ff6e579e5c0 17791->17792 17793 7ff6e579e58d 17791->17793 17792->17793 17795 7ff6e579e5f2 17792->17795 17794 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17793->17794 17804 7ff6e57942a1 17794->17804 17799 7ff6e579e705 17795->17799 17808 7ff6e579e63a 17795->17808 17796 7ff6e579e7f7 17837 7ff6e579da5c 17796->17837 17798 7ff6e579e7bd 17830 7ff6e579ddf4 17798->17830 17799->17796 17799->17798 17800 7ff6e579e78c 17799->17800 17802 7ff6e579e74f 17799->17802 17805 7ff6e579e745 17799->17805 17823 7ff6e579e0d4 17800->17823 17813 7ff6e579e304 17802->17813 17804->17726 17804->17728 17805->17798 17807 7ff6e579e74a 17805->17807 17807->17800 17807->17802 17808->17804 17809 7ff6e579a4a4 __std_exception_copy 37 API calls 17808->17809 17810 7ff6e579e6f2 17809->17810 17810->17804 17811 7ff6e579a900 _isindst 17 API calls 17810->17811 17812 7ff6e579e854 17811->17812 17846 7ff6e57a40ac 17813->17846 17817 7ff6e579e3ac 17818 7ff6e579e401 17817->17818 17820 7ff6e579e3cc 17817->17820 17822 7ff6e579e3b0 17817->17822 17899 7ff6e579def0 17818->17899 17895 7ff6e579e1ac 17820->17895 17822->17804 17824 7ff6e57a40ac 38 API calls 17823->17824 17825 7ff6e579e11e 17824->17825 17826 7ff6e57a3af4 37 API calls 17825->17826 17827 7ff6e579e16e 17826->17827 17828 7ff6e579e172 17827->17828 17829 7ff6e579e1ac 45 API calls 17827->17829 17828->17804 17829->17828 17831 7ff6e57a40ac 38 API calls 17830->17831 17832 7ff6e579de3f 17831->17832 17833 7ff6e57a3af4 37 API calls 17832->17833 17834 7ff6e579de97 17833->17834 17835 7ff6e579de9b 17834->17835 17836 7ff6e579def0 45 API calls 17834->17836 17835->17804 17836->17835 17838 
7ff6e579daa1 17837->17838 17839 7ff6e579dad4 17837->17839 17840 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17838->17840 17841 7ff6e579daec 17839->17841 17843 7ff6e579db6d 17839->17843 17845 7ff6e579dacd memcpy_s 17840->17845 17842 7ff6e579ddf4 46 API calls 17841->17842 17842->17845 17844 7ff6e57947c0 45 API calls 17843->17844 17843->17845 17844->17845 17845->17804 17847 7ff6e57a40ff fegetenv 17846->17847 17848 7ff6e57a7e2c 37 API calls 17847->17848 17854 7ff6e57a4152 17848->17854 17849 7ff6e57a417f 17853 7ff6e579a4a4 __std_exception_copy 37 API calls 17849->17853 17850 7ff6e57a4242 17851 7ff6e57a7e2c 37 API calls 17850->17851 17852 7ff6e57a426c 17851->17852 17857 7ff6e57a7e2c 37 API calls 17852->17857 17858 7ff6e57a41fd 17853->17858 17854->17850 17855 7ff6e57a416d 17854->17855 17856 7ff6e57a421c 17854->17856 17855->17849 17855->17850 17861 7ff6e579a4a4 __std_exception_copy 37 API calls 17856->17861 17859 7ff6e57a427d 17857->17859 17860 7ff6e57a5324 17858->17860 17865 7ff6e57a4205 17858->17865 17862 7ff6e57a8020 20 API calls 17859->17862 17863 7ff6e579a900 _isindst 17 API calls 17860->17863 17861->17858 17873 7ff6e57a42e6 memcpy_s 17862->17873 17864 7ff6e57a5339 17863->17864 17866 7ff6e578c550 _log10_special 8 API calls 17865->17866 17867 7ff6e579e351 17866->17867 17891 7ff6e57a3af4 17867->17891 17868 7ff6e57a468f memcpy_s 17869 7ff6e57a49cf 17870 7ff6e57a3c10 37 API calls 17869->17870 17877 7ff6e57a50e7 17870->17877 17871 7ff6e57a497b 17871->17869 17874 7ff6e57a533c memcpy_s 37 API calls 17871->17874 17872 7ff6e57a4327 memcpy_s 17885 7ff6e57a4c6b memcpy_s 17872->17885 17886 7ff6e57a4783 memcpy_s 17872->17886 17873->17868 17873->17872 17875 7ff6e5794f08 memcpy_s 11 API calls 17873->17875 17874->17869 17876 7ff6e57a4760 17875->17876 17878 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 17876->17878 17880 7ff6e57a533c memcpy_s 37 API calls 17877->17880 17884 7ff6e57a5142 17877->17884 17878->17872 17879 7ff6e57a52c8 17881 7ff6e57a7e2c 37 API calls 
17879->17881 17880->17884 17881->17865 17882 7ff6e5794f08 11 API calls memcpy_s 17882->17885 17883 7ff6e5794f08 11 API calls memcpy_s 17883->17886 17884->17879 17887 7ff6e57a3c10 37 API calls 17884->17887 17890 7ff6e57a533c memcpy_s 37 API calls 17884->17890 17885->17869 17885->17871 17885->17882 17888 7ff6e579a8e0 37 API calls _invalid_parameter_noinfo 17885->17888 17886->17871 17886->17883 17889 7ff6e579a8e0 37 API calls _invalid_parameter_noinfo 17886->17889 17887->17884 17888->17885 17889->17886 17890->17884 17892 7ff6e57a3b13 17891->17892 17893 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17892->17893 17894 7ff6e57a3b3e memcpy_s 17892->17894 17893->17894 17894->17817 17896 7ff6e579e1d8 memcpy_s 17895->17896 17897 7ff6e57947c0 45 API calls 17896->17897 17898 7ff6e579e292 memcpy_s 17896->17898 17897->17898 17898->17822 17900 7ff6e579df2b 17899->17900 17905 7ff6e579df78 memcpy_s 17899->17905 17901 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17900->17901 17902 7ff6e579df57 17901->17902 17902->17822 17903 7ff6e579dfe3 17904 7ff6e579a4a4 __std_exception_copy 37 API calls 17903->17904 17909 7ff6e579e025 memcpy_s 17904->17909 17905->17903 17906 7ff6e57947c0 45 API calls 17905->17906 17906->17903 17907 7ff6e579a900 _isindst 17 API calls 17908 7ff6e579e0d0 17907->17908 17909->17907 17911 7ff6e5790c5f 17910->17911 17917 7ff6e5790c4e 17910->17917 17912 7ff6e579d5fc _fread_nolock 12 API calls 17911->17912 17911->17917 17913 7ff6e5790c90 17912->17913 17914 7ff6e5790ca4 17913->17914 17916 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17913->17916 17915 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17914->17915 17915->17917 17916->17914 17917->17746 17919 7ff6e579476e 17918->17919 17920 7ff6e5794766 17918->17920 17919->17757 17921 7ff6e57947c0 45 API calls 17920->17921 17921->17919 17923 7ff6e57947ff 17922->17923 17924 7ff6e579d9d1 17922->17924 17926 7ff6e579da24 17923->17926 17924->17923 17925 
7ff6e57a3304 45 API calls 17924->17925 17925->17923 17927 7ff6e579480f 17926->17927 17928 7ff6e579da3d 17926->17928 17927->17679 17928->17927 17929 7ff6e57a2650 45 API calls 17928->17929 17929->17927 17933 7ff6e57a6d88 17930->17933 17936 7ff6e57a6dec 17933->17936 17934 7ff6e578c550 _log10_special 8 API calls 17935 7ff6e57a00bd 17934->17935 17935->17778 17936->17934 17938 7ff6e579100f 17937->17938 17939 7ff6e5790ffd 17937->17939 17942 7ff6e579101d 17938->17942 17946 7ff6e5791059 17938->17946 17940 7ff6e5794f08 memcpy_s 11 API calls 17939->17940 17941 7ff6e5791002 17940->17941 17943 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 17941->17943 17944 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17942->17944 17951 7ff6e579100d 17943->17951 17944->17951 17945 7ff6e57913d5 17947 7ff6e5794f08 memcpy_s 11 API calls 17945->17947 17945->17951 17946->17945 17948 7ff6e5794f08 memcpy_s 11 API calls 17946->17948 17949 7ff6e5791669 17947->17949 17950 7ff6e57913ca 17948->17950 17952 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 17949->17952 17953 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 17950->17953 17951->17644 17952->17951 17953->17945 17955 7ff6e5790704 17954->17955 17982 7ff6e5790464 17955->17982 17957 7ff6e579071d 17957->17297 17994 7ff6e57903bc 17958->17994 17962 7ff6e578c850 17961->17962 17963 7ff6e5782930 GetCurrentProcessId 17962->17963 17964 7ff6e5781c80 49 API calls 17963->17964 17965 7ff6e5782979 17964->17965 18008 7ff6e5794984 17965->18008 17970 7ff6e5781c80 49 API calls 17971 7ff6e57829ff 17970->17971 18038 7ff6e5782620 17971->18038 17974 7ff6e578c550 _log10_special 8 API calls 17975 7ff6e5782a31 17974->17975 17975->17336 17977 7ff6e5790119 17976->17977 17981 7ff6e5781b89 17976->17981 17978 7ff6e5794f08 memcpy_s 11 API calls 17977->17978 17979 7ff6e579011e 17978->17979 17980 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 17979->17980 17980->17981 17981->17335 17981->17336 17983 7ff6e57904ce 17982->17983 17984 7ff6e579048e 17982->17984 
17983->17984 17986 7ff6e57904da 17983->17986 17985 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 17984->17985 17992 7ff6e57904b5 17985->17992 17993 7ff6e579546c EnterCriticalSection 17986->17993 17992->17957 17995 7ff6e57903e6 17994->17995 17996 7ff6e5781a20 17994->17996 17995->17996 17997 7ff6e5790432 17995->17997 17998 7ff6e57903f5 memcpy_s 17995->17998 17996->17305 17996->17306 18007 7ff6e579546c EnterCriticalSection 17997->18007 18000 7ff6e5794f08 memcpy_s 11 API calls 17998->18000 18002 7ff6e579040a 18000->18002 18004 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 18002->18004 18004->17996 18009 7ff6e57949de 18008->18009 18010 7ff6e5794a03 18009->18010 18012 7ff6e5794a3f 18009->18012 18011 7ff6e579a814 _invalid_parameter_noinfo 37 API calls 18010->18011 18014 7ff6e5794a2d 18011->18014 18047 7ff6e5792c10 18012->18047 18016 7ff6e578c550 _log10_special 8 API calls 18014->18016 18015 7ff6e5794b1c 18017 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18015->18017 18018 7ff6e57829c3 18016->18018 18017->18014 18026 7ff6e5795160 18018->18026 18020 7ff6e5794b40 18020->18015 18022 7ff6e5794b4a 18020->18022 18021 7ff6e5794af1 18023 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18021->18023 18025 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18022->18025 18023->18014 18024 7ff6e5794ae8 18024->18015 18024->18021 18025->18014 18027 7ff6e579b2c8 memcpy_s 11 API calls 18026->18027 18028 7ff6e5795177 18027->18028 18029 7ff6e57829e5 18028->18029 18030 7ff6e579eb98 memcpy_s 11 API calls 18028->18030 18033 7ff6e57951b7 18028->18033 18029->17970 18031 7ff6e57951ac 18030->18031 18032 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18031->18032 18032->18033 18033->18029 18182 7ff6e579ec20 18033->18182 18036 7ff6e579a900 _isindst 17 API calls 18037 7ff6e57951fc 18036->18037 18039 7ff6e578262f 18038->18039 18040 7ff6e5789390 2 API calls 18039->18040 18041 
16986 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16979->16986 16981 7ff6e579f8a0 _fread_nolock MultiByteToWideChar 16980->16981 16992 7ff6e5795570 16981->16992 16982->16985 16987 7ff6e579d5fc _fread_nolock 12 API calls 16983->16987 16984 7ff6e5795577 GetLastError 16988 7ff6e5794e7c _fread_nolock 11 API calls 16984->16988 16985->16595 16985->16596 16986->16983 16987->16985 16990 7ff6e5795584 16988->16990 16989 7ff6e579f8a0 _fread_nolock MultiByteToWideChar 16993 7ff6e57955f6 16989->16993 16994 7ff6e5794f08 memcpy_s 11 API calls 16990->16994 16991 7ff6e57955a5 16996 7ff6e579d5fc _fread_nolock 12 API calls 16991->16996 16992->16984 16992->16991 16995 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16992->16995 16997 7ff6e57955b2 16992->16997 16993->16984 16993->16985 16994->16985 16995->16991 16996->16997 16997->16985 16997->16989 16999 7ff6e5799225 16998->16999 17010 7ff6e5799221 16998->17010 17019 7ff6e57a2a3c GetEnvironmentStringsW 16999->17019 17002 7ff6e579923e 17026 7ff6e579938c 17002->17026 17003 7ff6e5799232 17004 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17003->17004 17004->17010 17007 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17008 7ff6e5799265 17007->17008 17009 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17008->17009 17009->17010 17010->16623 17011 7ff6e57995cc 17010->17011 17012 7ff6e57995ef 17011->17012 17017 7ff6e5799606 17011->17017 17012->16623 17013 7ff6e579eb98 memcpy_s 11 API calls 17013->17017 17014 7ff6e579967a 17016 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17014->17016 17015 7ff6e579f8a0 MultiByteToWideChar _fread_nolock 17015->17017 17016->17012 17017->17012 17017->17013 17017->17014 17017->17015 17018 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17017->17018 17018->17017 17020 7ff6e57a2a60 17019->17020 17021 7ff6e579922a 
17019->17021 17022 7ff6e579d5fc _fread_nolock 12 API calls 17020->17022 17021->17002 17021->17003 17024 7ff6e57a2a97 memcpy_s 17022->17024 17023 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17025 7ff6e57a2ab7 FreeEnvironmentStringsW 17023->17025 17024->17023 17025->17021 17027 7ff6e57993b4 17026->17027 17028 7ff6e579eb98 memcpy_s 11 API calls 17027->17028 17037 7ff6e57993ef 17028->17037 17029 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17030 7ff6e5799246 17029->17030 17030->17007 17031 7ff6e5799471 17032 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17031->17032 17032->17030 17033 7ff6e579eb98 memcpy_s 11 API calls 17033->17037 17034 7ff6e5799460 17035 7ff6e57994a8 11 API calls 17034->17035 17038 7ff6e5799468 17035->17038 17036 7ff6e57a0474 37 API calls 17036->17037 17037->17031 17037->17033 17037->17034 17037->17036 17039 7ff6e5799494 17037->17039 17041 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17037->17041 17042 7ff6e57993f7 17037->17042 17040 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17038->17040 17043 7ff6e579a900 _isindst 17 API calls 17039->17043 17040->17042 17041->17037 17042->17029 17044 7ff6e57994a6 17043->17044 17046 7ff6e57a8b31 __crtLCMapStringW 17045->17046 17047 7ff6e57a70ee 17046->17047 17048 7ff6e579ef68 6 API calls 17046->17048 17047->16650 17047->16651 17048->17047 15918 7ff6e578bae0 15919 7ff6e578bb0e 15918->15919 15920 7ff6e578baf5 15918->15920 15920->15919 15923 7ff6e579d5fc 15920->15923 15924 7ff6e579d647 15923->15924 15928 7ff6e579d60b memcpy_s 15923->15928 15933 7ff6e5794f08 15924->15933 15925 7ff6e579d62e HeapAlloc 15927 7ff6e578bb6e 15925->15927 15925->15928 15928->15924 15928->15925 15930 7ff6e57a3590 15928->15930 15936 7ff6e57a35d0 15930->15936 15942 7ff6e579b2c8 GetLastError 15933->15942 15935 7ff6e5794f11 15935->15927 15941 7ff6e57a02d8 EnterCriticalSection 15936->15941 15943 
7ff6e579b309 FlsSetValue 15942->15943 15946 7ff6e579b2ec 15942->15946 15944 7ff6e579b2f9 SetLastError 15943->15944 15945 7ff6e579b31b 15943->15945 15944->15935 15959 7ff6e579eb98 15945->15959 15946->15943 15946->15944 15950 7ff6e579b348 FlsSetValue 15953 7ff6e579b354 FlsSetValue 15950->15953 15954 7ff6e579b366 15950->15954 15951 7ff6e579b338 FlsSetValue 15952 7ff6e579b341 15951->15952 15966 7ff6e579a948 15952->15966 15953->15952 15972 7ff6e579aef4 15954->15972 15964 7ff6e579eba9 memcpy_s 15959->15964 15960 7ff6e579ebfa 15963 7ff6e5794f08 memcpy_s 10 API calls 15960->15963 15961 7ff6e579ebde HeapAlloc 15962 7ff6e579b32a 15961->15962 15961->15964 15962->15950 15962->15951 15963->15962 15964->15960 15964->15961 15965 7ff6e57a3590 memcpy_s 2 API calls 15964->15965 15965->15964 15967 7ff6e579a94d RtlFreeHeap 15966->15967 15968 7ff6e579a97c 15966->15968 15967->15968 15969 7ff6e579a968 GetLastError 15967->15969 15968->15944 15970 7ff6e579a975 Concurrency::details::SchedulerProxy::DeleteThis 15969->15970 15971 7ff6e5794f08 memcpy_s 9 API calls 15970->15971 15971->15968 15977 7ff6e579adcc 15972->15977 15989 7ff6e57a02d8 EnterCriticalSection 15977->15989 20314 7ff6e57aabe3 20315 7ff6e57aabf3 20314->20315 20318 7ff6e5795478 LeaveCriticalSection 20315->20318 20635 7ff6e57aad69 20638 7ff6e5795478 LeaveCriticalSection 20635->20638 20388 7ff6e57aadfe 20389 7ff6e57aae17 20388->20389 20390 7ff6e57aae0d 20388->20390 20392 7ff6e57a0338 LeaveCriticalSection 20390->20392 20393 7ff6e5795410 20394 7ff6e579541b 20393->20394 20402 7ff6e579f2a4 20394->20402 20415 7ff6e57a02d8 EnterCriticalSection 20402->20415 19479 7ff6e579f98c 19480 7ff6e579fb7e 19479->19480 19482 7ff6e579f9ce _isindst 19479->19482 19481 7ff6e5794f08 memcpy_s 11 API calls 19480->19481 19499 7ff6e579fb6e 19481->19499 19482->19480 19485 7ff6e579fa4e _isindst 19482->19485 19483 7ff6e578c550 _log10_special 8 API calls 19484 7ff6e579fb99 19483->19484 19500 7ff6e57a6194 19485->19500 19490 7ff6e579fbaa 19492 7ff6e579a900 _isindst 
17 API calls 19490->19492 19494 7ff6e579fbbe 19492->19494 19497 7ff6e579faab 19497->19499 19525 7ff6e57a61d8 19497->19525 19499->19483 19501 7ff6e579fa6c 19500->19501 19502 7ff6e57a61a3 19500->19502 19507 7ff6e57a5598 19501->19507 19532 7ff6e57a02d8 EnterCriticalSection 19502->19532 19508 7ff6e57a55a1 19507->19508 19509 7ff6e579fa81 19507->19509 19510 7ff6e5794f08 memcpy_s 11 API calls 19508->19510 19509->19490 19513 7ff6e57a55c8 19509->19513 19511 7ff6e57a55a6 19510->19511 19512 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 19511->19512 19512->19509 19514 7ff6e57a55d1 19513->19514 19515 7ff6e579fa92 19513->19515 19516 7ff6e5794f08 memcpy_s 11 API calls 19514->19516 19515->19490 19519 7ff6e57a55f8 19515->19519 19517 7ff6e57a55d6 19516->19517 19518 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 19517->19518 19518->19515 19520 7ff6e57a5601 19519->19520 19521 7ff6e579faa3 19519->19521 19522 7ff6e5794f08 memcpy_s 11 API calls 19520->19522 19521->19490 19521->19497 19523 7ff6e57a5606 19522->19523 19524 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 19523->19524 19524->19521 19533 7ff6e57a02d8 EnterCriticalSection 19525->19533 19759 7ff6e579c520 19770 7ff6e57a02d8 EnterCriticalSection 19759->19770 20182 7ff6e57a16b0 20193 7ff6e57a73e4 20182->20193 20194 7ff6e57a73f1 20193->20194 20195 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20194->20195 20197 7ff6e57a740d 20194->20197 20195->20194 20196 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20196->20197 20197->20196 20198 7ff6e57a16b9 20197->20198 20199 7ff6e57a02d8 EnterCriticalSection 20198->20199 15991 7ff6e5795628 15992 7ff6e579565f 15991->15992 15993 7ff6e5795642 15991->15993 15992->15993 15995 7ff6e5795672 CreateFileW 15992->15995 16042 7ff6e5794ee8 15993->16042 15997 7ff6e57956a6 15995->15997 15998 7ff6e57956dc 15995->15998 16016 7ff6e579577c GetFileType 15997->16016 16048 7ff6e5795c04 15998->16048 16000 7ff6e5794f08 memcpy_s 11 API calls 16003 
7ff6e579564f 16000->16003 16045 7ff6e579a8e0 16003->16045 16005 7ff6e57956d1 CloseHandle 16010 7ff6e579565a 16005->16010 16006 7ff6e57956bb CloseHandle 16006->16010 16007 7ff6e5795710 16074 7ff6e57959c4 16007->16074 16008 7ff6e57956e5 16069 7ff6e5794e7c 16008->16069 16015 7ff6e57956ef 16015->16010 16017 7ff6e5795887 16016->16017 16018 7ff6e57957ca 16016->16018 16020 7ff6e579588f 16017->16020 16021 7ff6e57958b1 16017->16021 16019 7ff6e57957f6 GetFileInformationByHandle 16018->16019 16023 7ff6e5795b00 21 API calls 16018->16023 16024 7ff6e579581f 16019->16024 16025 7ff6e57958a2 GetLastError 16019->16025 16020->16025 16026 7ff6e5795893 16020->16026 16022 7ff6e57958d4 PeekNamedPipe 16021->16022 16041 7ff6e5795872 16021->16041 16022->16041 16028 7ff6e57957e4 16023->16028 16029 7ff6e57959c4 51 API calls 16024->16029 16027 7ff6e5794e7c _fread_nolock 11 API calls 16025->16027 16030 7ff6e5794f08 memcpy_s 11 API calls 16026->16030 16027->16041 16028->16019 16028->16041 16032 7ff6e579582a 16029->16032 16030->16041 16091 7ff6e5795924 16032->16091 16036 7ff6e5795924 10 API calls 16037 7ff6e5795849 16036->16037 16038 7ff6e5795924 10 API calls 16037->16038 16039 7ff6e579585a 16038->16039 16040 7ff6e5794f08 memcpy_s 11 API calls 16039->16040 16039->16041 16040->16041 16098 7ff6e578c550 16041->16098 16043 7ff6e579b2c8 memcpy_s 11 API calls 16042->16043 16044 7ff6e5794ef1 16043->16044 16044->16000 16112 7ff6e579a778 16045->16112 16047 7ff6e579a8f9 16047->16010 16049 7ff6e5795c3a 16048->16049 16050 7ff6e5794f08 memcpy_s 11 API calls 16049->16050 16068 7ff6e5795cd2 __vcrt_freefls 16049->16068 16052 7ff6e5795c4c 16050->16052 16051 7ff6e578c550 _log10_special 8 API calls 16053 7ff6e57956e1 16051->16053 16054 7ff6e5794f08 memcpy_s 11 API calls 16052->16054 16053->16007 16053->16008 16055 7ff6e5795c54 16054->16055 16164 7ff6e5797e08 16055->16164 16057 7ff6e5795c69 16058 7ff6e5795c71 16057->16058 16059 7ff6e5795c7b 16057->16059 16061 7ff6e5794f08 memcpy_s 11 API calls 16058->16061 16060 
7ff6e5794f08 memcpy_s 11 API calls 16059->16060 16062 7ff6e5795c80 16060->16062 16065 7ff6e5795c76 16061->16065 16063 7ff6e5794f08 memcpy_s 11 API calls 16062->16063 16062->16068 16064 7ff6e5795c8a 16063->16064 16066 7ff6e5797e08 45 API calls 16064->16066 16067 7ff6e5795cc4 GetDriveTypeW 16065->16067 16065->16068 16066->16065 16067->16068 16068->16051 16070 7ff6e579b2c8 memcpy_s 11 API calls 16069->16070 16071 7ff6e5794e89 Concurrency::details::SchedulerProxy::DeleteThis 16070->16071 16072 7ff6e579b2c8 memcpy_s 11 API calls 16071->16072 16073 7ff6e5794eab 16072->16073 16073->16015 16075 7ff6e57959ec 16074->16075 16083 7ff6e579571d 16075->16083 16258 7ff6e579f724 16075->16258 16077 7ff6e5795a80 16078 7ff6e579f724 51 API calls 16077->16078 16077->16083 16079 7ff6e5795a93 16078->16079 16080 7ff6e579f724 51 API calls 16079->16080 16079->16083 16081 7ff6e5795aa6 16080->16081 16082 7ff6e579f724 51 API calls 16081->16082 16081->16083 16082->16083 16084 7ff6e5795b00 16083->16084 16085 7ff6e5795b1a 16084->16085 16086 7ff6e5795b51 16085->16086 16087 7ff6e5795b2a 16085->16087 16088 7ff6e579f5b8 21 API calls 16086->16088 16089 7ff6e5794e7c _fread_nolock 11 API calls 16087->16089 16090 7ff6e5795b3a 16087->16090 16088->16090 16089->16090 16090->16015 16092 7ff6e5795940 16091->16092 16093 7ff6e579594d FileTimeToSystemTime 16091->16093 16092->16093 16095 7ff6e5795948 16092->16095 16094 7ff6e5795961 SystemTimeToTzSpecificLocalTime 16093->16094 16093->16095 16094->16095 16096 7ff6e578c550 _log10_special 8 API calls 16095->16096 16097 7ff6e5795839 16096->16097 16097->16036 16099 7ff6e578c559 16098->16099 16100 7ff6e578c564 16099->16100 16101 7ff6e578c8e0 IsProcessorFeaturePresent 16099->16101 16100->16005 16100->16006 16102 7ff6e578c8f8 16101->16102 16107 7ff6e578cad8 RtlCaptureContext 16102->16107 16108 7ff6e578caf2 RtlLookupFunctionEntry 16107->16108 16109 7ff6e578c90b 16108->16109 16110 7ff6e578cb08 RtlVirtualUnwind 16108->16110 16111 7ff6e578c8a0 SetUnhandledExceptionFilter 
UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16109->16111 16110->16108 16110->16109 16113 7ff6e579a7a3 16112->16113 16116 7ff6e579a814 16113->16116 16115 7ff6e579a7ca 16115->16047 16126 7ff6e579a55c 16116->16126 16120 7ff6e579a84f 16120->16115 16127 7ff6e579a5b3 16126->16127 16128 7ff6e579a578 GetLastError 16126->16128 16127->16120 16132 7ff6e579a5c8 16127->16132 16129 7ff6e579a588 16128->16129 16139 7ff6e579b390 16129->16139 16133 7ff6e579a5e4 GetLastError SetLastError 16132->16133 16134 7ff6e579a5fc 16132->16134 16133->16134 16134->16120 16135 7ff6e579a900 IsProcessorFeaturePresent 16134->16135 16136 7ff6e579a913 16135->16136 16156 7ff6e579a614 16136->16156 16140 7ff6e579b3af FlsGetValue 16139->16140 16141 7ff6e579b3ca FlsSetValue 16139->16141 16142 7ff6e579b3c4 16140->16142 16144 7ff6e579a5a3 SetLastError 16140->16144 16143 7ff6e579b3d7 16141->16143 16141->16144 16142->16141 16145 7ff6e579eb98 memcpy_s 11 API calls 16143->16145 16144->16127 16146 7ff6e579b3e6 16145->16146 16147 7ff6e579b404 FlsSetValue 16146->16147 16148 7ff6e579b3f4 FlsSetValue 16146->16148 16150 7ff6e579b410 FlsSetValue 16147->16150 16151 7ff6e579b422 16147->16151 16149 7ff6e579b3fd 16148->16149 16153 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16149->16153 16150->16149 16152 7ff6e579aef4 memcpy_s 11 API calls 16151->16152 16154 7ff6e579b42a 16152->16154 16153->16144 16155 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16154->16155 16155->16144 16157 7ff6e579a64e _isindst memcpy_s 16156->16157 16158 7ff6e579a676 RtlCaptureContext RtlLookupFunctionEntry 16157->16158 16159 7ff6e579a6b0 RtlVirtualUnwind 16158->16159 16160 7ff6e579a6e6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16158->16160 16159->16160 16161 7ff6e579a738 _isindst 16160->16161 16162 7ff6e578c550 _log10_special 8 API calls 16161->16162 16163 7ff6e579a757 GetCurrentProcess TerminateProcess 16162->16163 16165 7ff6e5797e92 
16164->16165 16166 7ff6e5797e24 16164->16166 16201 7ff6e57a07c0 16165->16201 16166->16165 16168 7ff6e5797e29 16166->16168 16169 7ff6e5797e5e 16168->16169 16170 7ff6e5797e41 16168->16170 16184 7ff6e5797c4c GetFullPathNameW 16169->16184 16176 7ff6e5797bd8 GetFullPathNameW 16170->16176 16175 7ff6e5797e56 __vcrt_freefls 16175->16057 16177 7ff6e5797bfe GetLastError 16176->16177 16178 7ff6e5797c14 16176->16178 16179 7ff6e5794e7c _fread_nolock 11 API calls 16177->16179 16180 7ff6e5797c10 16178->16180 16183 7ff6e5794f08 memcpy_s 11 API calls 16178->16183 16181 7ff6e5797c0b 16179->16181 16180->16175 16182 7ff6e5794f08 memcpy_s 11 API calls 16181->16182 16182->16180 16183->16180 16185 7ff6e5797c7f GetLastError 16184->16185 16190 7ff6e5797c95 __vcrt_freefls 16184->16190 16186 7ff6e5794e7c _fread_nolock 11 API calls 16185->16186 16187 7ff6e5797c8c 16186->16187 16188 7ff6e5794f08 memcpy_s 11 API calls 16187->16188 16189 7ff6e5797c91 16188->16189 16192 7ff6e5797d24 16189->16192 16190->16189 16191 7ff6e5797cef GetFullPathNameW 16190->16191 16191->16185 16191->16189 16196 7ff6e5797d98 memcpy_s 16192->16196 16197 7ff6e5797d4d memcpy_s 16192->16197 16193 7ff6e5797d81 16194 7ff6e5794f08 memcpy_s 11 API calls 16193->16194 16195 7ff6e5797d86 16194->16195 16199 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 16195->16199 16196->16175 16197->16193 16197->16196 16198 7ff6e5797dba 16197->16198 16198->16196 16200 7ff6e5794f08 memcpy_s 11 API calls 16198->16200 16199->16196 16200->16195 16204 7ff6e57a05d0 16201->16204 16205 7ff6e57a0612 16204->16205 16206 7ff6e57a05fb 16204->16206 16207 7ff6e57a0637 16205->16207 16208 7ff6e57a0616 16205->16208 16209 7ff6e5794f08 memcpy_s 11 API calls 16206->16209 16242 7ff6e579f5b8 16207->16242 16230 7ff6e57a073c 16208->16230 16210 7ff6e57a0600 16209->16210 16215 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 16210->16215 16214 7ff6e57a063c 16218 7ff6e57a06e1 16214->16218 16225 7ff6e57a0663 16214->16225 16229 7ff6e57a060b __vcrt_freefls 16215->16229 
16216 7ff6e57a061f 16217 7ff6e5794ee8 _fread_nolock 11 API calls 16216->16217 16219 7ff6e57a0624 16217->16219 16218->16206 16220 7ff6e57a06e9 16218->16220 16222 7ff6e5794f08 memcpy_s 11 API calls 16219->16222 16223 7ff6e5797bd8 13 API calls 16220->16223 16221 7ff6e578c550 _log10_special 8 API calls 16224 7ff6e57a0731 16221->16224 16222->16210 16223->16229 16224->16175 16226 7ff6e5797c4c 14 API calls 16225->16226 16227 7ff6e57a06a7 16226->16227 16228 7ff6e5797d24 37 API calls 16227->16228 16227->16229 16228->16229 16229->16221 16231 7ff6e57a0786 16230->16231 16232 7ff6e57a0756 16230->16232 16233 7ff6e57a0791 GetDriveTypeW 16231->16233 16234 7ff6e57a0771 16231->16234 16235 7ff6e5794ee8 _fread_nolock 11 API calls 16232->16235 16233->16234 16238 7ff6e578c550 _log10_special 8 API calls 16234->16238 16236 7ff6e57a075b 16235->16236 16237 7ff6e5794f08 memcpy_s 11 API calls 16236->16237 16239 7ff6e57a0766 16237->16239 16240 7ff6e57a061b 16238->16240 16241 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 16239->16241 16240->16214 16240->16216 16241->16234 16256 7ff6e57aa4d0 16242->16256 16245 7ff6e579f605 16248 7ff6e578c550 _log10_special 8 API calls 16245->16248 16246 7ff6e579f62c 16247 7ff6e579eb98 memcpy_s 11 API calls 16246->16247 16249 7ff6e579f63b 16247->16249 16250 7ff6e579f699 16248->16250 16251 7ff6e579f645 GetCurrentDirectoryW 16249->16251 16252 7ff6e579f654 16249->16252 16250->16214 16251->16252 16253 7ff6e579f659 16251->16253 16254 7ff6e5794f08 memcpy_s 11 API calls 16252->16254 16255 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16253->16255 16254->16253 16255->16245 16257 7ff6e579f5ee GetCurrentDirectoryW 16256->16257 16257->16245 16257->16246 16259 7ff6e579f755 16258->16259 16260 7ff6e579f731 16258->16260 16262 7ff6e579f78f 16259->16262 16266 7ff6e579f7ae 16259->16266 16260->16259 16261 7ff6e579f736 16260->16261 16263 7ff6e5794f08 memcpy_s 11 API calls 16261->16263 16265 7ff6e5794f08 memcpy_s 11 API calls 16262->16265 16264 
7ff6e579f73b 16263->16264 16267 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 16264->16267 16268 7ff6e579f794 16265->16268 16275 7ff6e5794f4c 16266->16275 16270 7ff6e579f746 16267->16270 16271 7ff6e579a8e0 _invalid_parameter_noinfo 37 API calls 16268->16271 16270->16077 16272 7ff6e579f79f 16271->16272 16272->16077 16273 7ff6e57a04dc 51 API calls 16274 7ff6e579f7bb 16273->16274 16274->16272 16274->16273 16276 7ff6e5794f70 16275->16276 16282 7ff6e5794f6b 16275->16282 16276->16282 16283 7ff6e579b150 GetLastError 16276->16283 16282->16274 16284 7ff6e579b191 FlsSetValue 16283->16284 16285 7ff6e579b174 FlsGetValue 16283->16285 16287 7ff6e579b1a3 16284->16287 16303 7ff6e579b181 16284->16303 16286 7ff6e579b18b 16285->16286 16285->16303 16286->16284 16289 7ff6e579eb98 memcpy_s 11 API calls 16287->16289 16288 7ff6e579b1fd SetLastError 16290 7ff6e5794f8b 16288->16290 16291 7ff6e579b21d 16288->16291 16292 7ff6e579b1b2 16289->16292 16305 7ff6e579d984 16290->16305 16313 7ff6e579a504 16291->16313 16294 7ff6e579b1d0 FlsSetValue 16292->16294 16295 7ff6e579b1c0 FlsSetValue 16292->16295 16298 7ff6e579b1ee 16294->16298 16299 7ff6e579b1dc FlsSetValue 16294->16299 16297 7ff6e579b1c9 16295->16297 16301 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16297->16301 16300 7ff6e579aef4 memcpy_s 11 API calls 16298->16300 16299->16297 16302 7ff6e579b1f6 16300->16302 16301->16303 16304 7ff6e579a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16302->16304 16303->16288 16304->16288 16306 7ff6e5794fae 16305->16306 16307 7ff6e579d999 16305->16307 16309 7ff6e579d9f0 16306->16309 16307->16306 16357 7ff6e57a3304 16307->16357 16310 7ff6e579da05 16309->16310 16311 7ff6e579da18 16309->16311 16310->16311 16370 7ff6e57a2650 16310->16370 16311->16282 16322 7ff6e57a3650 16313->16322 16348 7ff6e57a3608 16322->16348 16353 7ff6e57a02d8 EnterCriticalSection 16348->16353 16358 7ff6e579b150 __GetCurrentState 45 API calls 16357->16358 16359 7ff6e57a3313 16358->16359 
16360 7ff6e57a335e 16359->16360 16369 7ff6e57a02d8 EnterCriticalSection 16359->16369 16360->16306 16371 7ff6e579b150 __GetCurrentState 45 API calls 16370->16371 16372 7ff6e57a2659 16371->16372

Control-flow Graph (first block at 7ff6e57889e0; legend: Executed, Not Executed)
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: 0f4de297f7e2ff7164f8715b868bd954ba448a0102784f4c489f3be076bf9670
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 6CD16133A08A9286EF109F74E8643A93B60FF84F98F400235DA5DC2A95DF3DD9758706

                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                      • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                                      • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                                      • Opcode ID: 0fc2a62b29909a6a0d3f044a1fbc6a2b647256b24c01ebaaa7850baca27c5136
                                                                                                                                                                                                                                                      • Instruction ID: b435d199805b71d04b19b9ff1d0c433f92d7a4571b6dc6ae0eb2abbcf6d6dc69
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fc2a62b29909a6a0d3f044a1fbc6a2b647256b24c01ebaaa7850baca27c5136
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97328D63A0C6A291FE159B29D8743B92691AF44F80F444432DA5DC32D6EF2EED74C31B

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF6E57A5C45
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E57A5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E57A55AC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E579A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A95E
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E579A948: GetLastError.KERNEL32(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A968
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E579A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6E579A8DF,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579A909
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E579A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6E579A8DF,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579A92E
                                                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF6E57A5C34
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E57A55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E57A560C
                                                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF6E57A5EAA
                                                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF6E57A5EBB
                                                                                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF6E57A5ECC
                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E57A610C), ref: 00007FF6E57A5EF3
                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                      • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                      • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                                      • Instruction ID: c118ce2a8ef8e7d9d17c36e227fffd060ce9bc1b8e9abf7ffc6b151aee1da0d2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42D1D023A1825286EF20DF26D4607B96761EF84F84F408135EA4DC7696DF3EEC71874A

                                                                                                                                                                                                                                                      APIs
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1617910340-0

APIs
• _get_daylight.LIBCMT ref: 00007FF6E57A5EAA
  • Part of subcall function 00007FF6E57A55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E57A560C
• _get_daylight.LIBCMT ref: 00007FF6E57A5EBB
  • Part of subcall function 00007FF6E57A5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E57A55AC
• _get_daylight.LIBCMT ref: 00007FF6E57A5ECC
  • Part of subcall function 00007FF6E57A55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E57A55DC
  • Part of subcall function 00007FF6E579A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A95E
  • Part of subcall function 00007FF6E579A948: GetLastError.KERNEL32(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A968
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E57A610C), ref: 00007FF6E57A5EF3
Strings
Similarity
• API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 3458911817-239921721
APIs
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
Similarity
• API ID: CurrentFeaturePresentProcessProcessor
• String ID:
• API String ID: 1010374628-0

APIs
  • Part of subcall function 00007FF6E5787F90: _fread_nolock.LIBCMT ref: 00007FF6E578803A
• _fread_nolock.LIBCMT ref: 00007FF6E5781A1B
  • Part of subcall function 00007FF6E5782910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E5781B6A), ref: 00007FF6E578295E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                      • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                      • Opcode ID: 5da9196b77292879a3d34eab4b69eed09277f5a680287c42466cc399433b52bb
                                                                                                                                                                                                                                                      • Instruction ID: 4c53e56441b76c422e068cc02e0c32acbb3628e2dc84878d151be5534d65095b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5da9196b77292879a3d34eab4b69eed09277f5a680287c42466cc399433b52bb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A819173A086D286EF20DB24D0643B927A1AF84F84F444431D98DC7786DE3EE9B5875B

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                                      • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                                      • Opcode ID: 5d93e2d9b492ec2590e9e2ead86152251fe080dd2e5e8658fb94e6c4b93608a5
                                                                                                                                                                                                                                                      • Instruction ID: ed489929fd07267c006cd7f3a78dcf19dcb739462bea45f3667dbb91c0028f78
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d93e2d9b492ec2590e9e2ead86152251fe080dd2e5e8658fb94e6c4b93608a5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D51A163B0869386EE109B1194203B923A1BF44F94F444535EE4CC7796DE3EED75874B

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(?,?,00000000,00007FF6E5783CBB), ref: 00007FF6E5788704
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6E5783CBB), ref: 00007FF6E578870A
                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00007FF6E5783CBB), ref: 00007FF6E578874C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788830: GetEnvironmentVariableW.KERNEL32(00007FF6E578388E), ref: 00007FF6E5788867
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6E5788889
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5798238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E5798251
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782810: MessageBoxW.USER32 ref: 00007FF6E57828EA
                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                      • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                                      • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                                      • Instruction ID: c5e7d7fab5099ff724d3d04d004b6a871e49a0abaccd353147181ba27320bca2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2419213A19A5244FE10A76598753BA12A1AF44FC4F840531ED0DD77DADE3EED35830B

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                      • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                      • Opcode ID: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                                                                                                                      • Instruction ID: 04cb32d66c15de951b6a7770d9b094148f0a76274542a0abc184ab17383fac48
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A51F423A0869285EE609B11A4603BA6291FF85F94F444131ED4DC7BD6EE3EEC71C70B

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF6E5783804), ref: 00007FF6E57836E1
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF6E5783804), ref: 00007FF6E57836EB
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E5783706,?,00007FF6E5783804), ref: 00007FF6E5782C9E
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E5783706,?,00007FF6E5783804), ref: 00007FF6E5782D63
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782C50: MessageBoxW.USER32 ref: 00007FF6E5782D99
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                      • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                      • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                      • Instruction ID: 5b0fec96b832982856d0075ac314ea0618ec70d315b532f091164405fb2f4e42
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F21B753B1895291FE209725EC703B62254BF44B94F800131EA5EC65D6EE2EED34C30B

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                                      • Instruction ID: b3bb25ea907e6c21243a0528ec2b95cf3cf68bb4d61e4bd289e7f6af573058a9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52C1E12390C68681EE609B1590643BD2FA5FB81F80F574135EA4DC3391CE7EEC75872A

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 995526605-0
                                                                                                                                                                                                                                                      • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                                      • Instruction ID: 0f466b5249eff80fc79c7372932068c087beb5a2213f29358f83fd644e38898c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7216132B0C64342EE108B55F46432AA7A0FB81BE0F500635EA6DC3AD5DE7ED8758706

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: GetCurrentProcess.KERNEL32 ref: 00007FF6E5788590
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: OpenProcessToken.ADVAPI32 ref: 00007FF6E57885A3
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: GetTokenInformation.KERNELBASE ref: 00007FF6E57885C8
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: GetLastError.KERNEL32 ref: 00007FF6E57885D2
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: GetTokenInformation.KERNELBASE ref: 00007FF6E5788612
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E578862E
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5788570: CloseHandle.KERNEL32 ref: 00007FF6E5788646
                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00007FF6E5783C55), ref: 00007FF6E578916C
                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?,00007FF6E5783C55), ref: 00007FF6E5789175
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!


                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6E578352C,?,00000000,00007FF6E5783F23), ref: 00007FF6E5787F32
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateDirectory
                                                                                                                                                                                                                                                      • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E579CF4B), ref: 00007FF6E579D07C
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E579CF4B), ref: 00007FF6E579D107
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3251591375-0

APIs
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0

APIs
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0

APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E5795839), ref: 00007FF6E5795957
• SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E5795839), ref: 00007FF6E579596D
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
• API String ID: 1707611234-0

APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A95E
• GetLastError.KERNEL32(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A968
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF6E579A9D5,?,?,00000000,00007FF6E579AA8A), ref: 00007FF6E579ABC6
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF6E579A9D5,?,?,00000000,00007FF6E579AA8A), ref: 00007FF6E579ABD0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 918212764-0
                                                                                                                                                                                                                                                      • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                                      • Instruction ID: 637fb9be61b830893466d697cf975e9d54107538ca6ae010dfcf86c2584f4804
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99210813F0D68201FEA0979594B037D16929F84F90F0A0238D96EC77C2CE6EEC70431A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                                      • Instruction ID: 109b2fe229f27420485463cbf3ab81e80e8ae027e2a6e44ba56847c0641b628b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4041D27391D24187EE248A19A4603797BA1EB55F80F150135EA8EC37D1CF2EE832CB66
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                                                                                      • Opcode ID: 7026eb3b68f3585a2f5768ea15c5ca7bda34a28a3ae4cdbb6486ed2f903c9d01
                                                                                                                                                                                                                                                      • Instruction ID: 3c6d1715586e31ef05ec306b2075db5ac3a7ed67785771f5256eddfa68256070
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7026eb3b68f3585a2f5768ea15c5ca7bda34a28a3ae4cdbb6486ed2f903c9d01
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7821AD13B1866245FE509A1269247B95651BF45FC4F8D4430DE0DCB746CE7EE871C70B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                                      • Instruction ID: 80c83dd5f771e20f7c1f56a3950d876b93bda5459f22742e76a842be4c018733
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F318F23A2C64281EA116B55946537C2AA1BF80FA0F430135E95DC73D2CE7EACB1872B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                                      • Instruction ID: 5759d6a29f0dd222a70ae74b56062fd9afea943b1e1c602e80b8f7332003ff42
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31118363A2965241EE609F1194203796261BF85F80F460035EA8CD7A95CF3EDC70472A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                                      • Instruction ID: 3481a6859c8c55bc28b88c3e318470f0a9f07f8030ce9607f1846aa2784fefae
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D321B073A1CA4286DF619F28D45037976A0BB84F54F244234EA5EC76DADF3ED8318B05
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                                      • Instruction ID: 4a5a880bdeb80a001d695a690e5773d9721348df64cd1ae73c63d6951491f422
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E90108A2A2874140EE40DF525910269A7A1BF92FE0F4A4230EE5CD3BE6CE3ED8318315
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
                                                                                                                                                                                                                                                      • Instruction ID: bafcf74e78801fc11a9af9e7eca4a2fd9442a7989d612b1d9cd868d860a215d3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8101C063E1D68340FE606B2155213791292AF46FD0F464235EA5CEA7C6DF2EAC73422B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      • Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                                                                      • Instruction ID: d4c4a1693501cd8cd8abb8bf2c7c982cec75600a6e3237514e5971e60d4f4223
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4E0C2A3E1DA0387FF153AA404A27B812315F95B40F470135E908C62C3DD3E6CB4923B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF6E579B32A,?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A), ref: 00007FF6E579EBED
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                                                                      • Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                                                                      • Instruction ID: b31f43df099b7dbc8a4fbc744251f356d560a3b9b8e0022932a0ac8fc6e93a43
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AF06D56B0920340FE5866A69875BB413919F89FC0F4E8530CD0FC63C2EE1EECB4423A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF6E5790C90,?,?,?,00007FF6E57922FA,?,?,?,?,?,00007FF6E5793AE9), ref: 00007FF6E579D63A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                                                                      • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                                      • Instruction ID: 13e1013eeecf3b1ba1c3488490e1c63855af920ad1c0616257256ae496332831
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFF03A16A0928240FE565AB1586577612915F88FE0F0A0630DD2EC62C2DE2EACB0812A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                      • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                                      • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                                      • Instruction ID: 1fd8c12c35b1aabbab91b9384c4135a6ca567065e82196ea09300166c20390e3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8502BA63A0AB07D0EE159B65A8747B62761AF05F85F441031D82EC6261EF3FFD79820B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                      • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                      • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                                      • Instruction ID: c48511761969aea5920cae9593d80866df4e1dfc8885b7efc8febc8e9ef9f533
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02B2E573A182828BEB648E24D4607FD37A2FB54B48F501135DA09D7A86DF3AED70CB45
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,00007FF6E5788919,00007FF6E5783FA5), ref: 00007FF6E578842B
                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF6E5788919,00007FF6E5783FA5), ref: 00007FF6E57884AE
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00007FF6E5788919,00007FF6E5783FA5), ref: 00007FF6E57884CD
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,00007FF6E5788919,00007FF6E5783FA5), ref: 00007FF6E57884DB
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?,00007FF6E5788919,00007FF6E5783FA5), ref: 00007FF6E57884EC
                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF6E5788919,00007FF6E5783FA5), ref: 00007FF6E57884F5
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                      • String ID: %s\*
                                                                                                                                                                                                                                                      • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                      • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                                      • Instruction ID: 917195e34f35823cf048b6e5b5b08161955a815588de5a40666b3a554bee364c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22418223A1C55281EE609F60E4683BA63A0FB94F94F500632DA5DC2785EF3EDD798707
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                      • API String ID: 0-2665694366
                                                                                                                                                                                                                                                      • Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                                      • Instruction ID: 1ea31a5ad965a4811cf144f50bda299d0ac83f3c161c8c811946ae866ac61e0e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3452D373A186B54BDBA48F14C468B7D3BA9EB44740F054139E68AC7780DF3ADC64CB46
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                                                                                                      • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                                      • Instruction ID: 7ade973e75ee0b381894fe49ac4c8b60bd490b28c9cedb2ae95519a25d81ec35
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA314F73609B8186EB608F60E8907EE7760FB84B44F04403ADA4E87B95EF3DD968C715
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2227656907-0
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: memcpy_s
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1502251526-0
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                                      • API String ID: 0-1127688429
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 15204871-0
                                                                                                                                                                                                                                                      • Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                                                                                      • Instruction ID: 78165e56fe7d14710eba97bbf505d3102378a508d7b60825d5500c4657b5783f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3FB13B73A04B898AEB15CF29C8563687BA0F784F48F158922DA5DC37A5CF3AD871C705
Strings
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID:
• String ID: $
• API String ID: 0-227171996
Similarity
• API ID:
• String ID: incorrect header check$invalid window size
• API String ID: 0-900081337
Similarity
• API ID:
• String ID: e+000$gfff
• API String ID: 0-3030954782
Similarity
• API ID:
• String ID: gfffffff
• API String ID: 0-1523873471
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: TMP
• API String ID: 3215553584-3125297090
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
APIs
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E5785840
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E5785852
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E5785889
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E578589B
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57858B4
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57858C6
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57858DF
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57858F1
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E578590D
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E578591F
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E578593B
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E578594D
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E5785969
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E578597B
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E5785997
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57859A9
• GetProcAddress.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57859C5
• GetLastError.KERNEL32(?,00007FF6E57864CF,?,00007FF6E578336E), ref: 00007FF6E57859D7
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                      • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                      • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                                                                      • Instruction ID: 0eb536be5c6fb7670d1c343824abd8e30479c1422c347d2f07ea7660cb2ad681
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD22B563A1AB17A1FE059B65A87477527A4AF08F81F441035D51EC6262FF3EFC78820B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5789390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E57845F4,00000000,00007FF6E5781985), ref: 00007FF6E57893C9
                                                                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6E57886B7,?,?,00000000,00007FF6E5783CBB), ref: 00007FF6E578822C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782810: MessageBoxW.USER32 ref: 00007FF6E57828EA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                      • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                      • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                                      • Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                                      • Instruction ID: 7c273fc23be7b64a93fff05bf0e04f3efc9a3f7076d5108782c236ad935b7ff0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D519613A2C65281FE509B25E8717BE6390AF94F80F444831D60EC26D6EE3EEC35834B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                      • String ID: P%
                                                                                                                                                                                                                                                      • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                      • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                                      • Instruction ID: ad2e5a093597b465d80fb1689ad37a8c154d6ea147635f3d9d6f0d08be26ad41
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 275128266047A186DA349F32E4282BABBA1F798BA1F004121EFCEC3795DF3CD455CB14
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                      • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                      • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                                      • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                                      • Instruction ID: 90ec326bacb2500e486985bbc67f3b722222abd3c9c097550ec0f3e8ee3239a8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08217623B19A4282EF458B7AE8643796650EF84FD0F584135DA1DC33D5DE2DDDB18207
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                      • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                      • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                                      • Instruction ID: cdd25f54b7254392055f99d7d0591dfab9d63dcd7620c8ec55865b7f42e2216e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65128067E0C28386FF245E14D1647B97662EB40F50F864235D689C66C4DF3EEDB08B2A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: f$f$p$p$f
Memory Dump Source
• Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF6E579F0AA,?,?,00000232227169D8,00007FF6E579AD53,?,?,?,00007FF6E579AC4A,?,?,?,00007FF6E5795F3E), ref: 00007FF6E579EE8C
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF6E579F0AA,?,?,00000232227169D8,00007FF6E579AD53,?,?,?,00007FF6E579AC4A,?,?,?,00007FF6E5795F3E), ref: 00007FF6E579EE98
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E5783706,?,00007FF6E5783804), ref: 00007FF6E5782C9E
                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E5783706,?,00007FF6E5783804), ref: 00007FF6E5782D63
                                                                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF6E5782D99
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                                      • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                      • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                                      • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                                      • Instruction ID: d144595578db3afed06f82bc915917d6ca8bcdeb4ff2aebcf8d76ee7d280866d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5331E723708A5142EA20AB25B8247AA6A95BF84FC9F410135EF4DD3759DF3DD936C305
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E578DF7A,?,?,?,00007FF6E578DC6C,?,?,?,00007FF6E578D869), ref: 00007FF6E578DD4D
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF6E578DF7A,?,?,?,00007FF6E578DC6C,?,?,?,00007FF6E578D869), ref: 00007FF6E578DD5B
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E578DF7A,?,?,?,00007FF6E578DC6C,?,?,?,00007FF6E578D869), ref: 00007FF6E578DD85
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF6E578DF7A,?,?,?,00007FF6E578DC6C,?,?,?,00007FF6E578D869), ref: 00007FF6E578DDF3
                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF6E578DF7A,?,?,?,00007FF6E578DC6C,?,?,?,00007FF6E578D869), ref: 00007FF6E578DDFF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                      • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                                      • Instruction ID: 1c59b13dfa60c98a0dac66d3fa964065c5b857d3c9e39c6e8d5b2172b1e1a212
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F31D263B1A72291EE119B1294207B62794FF48FA0F590536DD1DC7384EF3EE874832A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                      • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                      • Opcode ID: bd35b640c02035bc0e077a05b147b005ab0e639f37cafda848bc65a29b3ec2f1
                                                                                                                                                                                                                                                      • Instruction ID: b1b471b0bde8407fdf8a3984a7dbc7e0e2b9f790d63925557c86df373d90959b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd35b640c02035bc0e077a05b147b005ab0e639f37cafda848bc65a29b3ec2f1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E419423A1C696A1EE10DB10E4243E96355FF54B44F800132EA5DC7696EF3DEA35C347
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6E578351A,?,00000000,00007FF6E5783F23), ref: 00007FF6E5782AA0
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                      • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                                      • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                                      • Instruction ID: a51e602b0fed659afacd74dc0d6961e8ee51360b2dce04a78f3db09dcce3c690
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5821A133A1878192EB209B51B8607E667A4FB88BC4F400132FE8DC3759DF3DDA658745
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                      • Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                                                                                      • Instruction ID: ba2db286dc09dfe3bf73bd60bef0b0be4b685de3b3cbfdb2c193ae2f7cb052d8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90216D22B1D64241FE596325597533956425F44FF0F128734D92EC66CADD2EEC30832B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                      • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                                      • Instruction ID: de4b917fe6f339dd1c941239fd3815c5ac8f78f9844dc294055c5752783a45b4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2119322B18A4186EB909B12E86432967A0FB88FE4F000234EE5DC7795DF3DDC348749
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6E5783FB1), ref: 00007FF6E5788EFD
                                                                                                                                                                                                                                                      • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6E5783FB1), ref: 00007FF6E5788F5A
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5789390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E57845F4,00000000,00007FF6E5781985), ref: 00007FF6E57893C9
                                                                                                                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6E5783FB1), ref: 00007FF6E5788FE5
                                                                                                                                                                                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6E5783FB1), ref: 00007FF6E5789044
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6E5783FB1), ref: 00007FF6E5789055
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6E5783FB1), ref: 00007FF6E578906A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3462794448-0
                                                                                                                                                                                                                                                      • Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                                                                      • Instruction ID: be5ad65963963244afbf1026d90232c85b5c699ae74af92e1587a4012549fe19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76416E63A1969281EE209B12A5203BA6794EB85FC4F450135EF4DD7789DE3ED930C70A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A,?,?,?,?,00007FF6E579718F), ref: 00007FF6E579B2D7
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A,?,?,?,?,00007FF6E579718F), ref: 00007FF6E579B30D
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A,?,?,?,?,00007FF6E579718F), ref: 00007FF6E579B33A
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A,?,?,?,?,00007FF6E579718F), ref: 00007FF6E579B34B
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A,?,?,?,?,00007FF6E579718F), ref: 00007FF6E579B35C
                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF6E5794F11,?,?,?,?,00007FF6E579A48A,?,?,?,?,00007FF6E579718F), ref: 00007FF6E579B377
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                      • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                                      • Instruction ID: 65d675e59f14fd81c10ad915383c753f2cc112214364b0b1a314546a98985b42
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF116D22B0D64282FE55A325567133D26869F44FF0F168734D82EC67D6DE2EEC31832A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E5781B6A), ref: 00007FF6E578295E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                      • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                                      • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                                      • Instruction ID: b6ad30916c1c09036fecc657025e79cdaadcdf1385189c935b25d4cec9cd7fd3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0331F423B1869152EB20A761B8607E66695BF88BD4F400132FE8DC3759EF3DD9768306
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                      • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                      • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                      • Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                                      • Instruction ID: 9bbc910bb3d1893117586434706996873ed36f314dccd4758535cf193209942a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1318073619A8285EF20DB21E8643FA6760FF88B88F440135EA4DC7B5ADF3DD5248706
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6E578918F,?,00007FF6E5783C55), ref: 00007FF6E5782BA0
                                                                                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF6E5782C2A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                                      • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                                      • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                                      • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                                      • Instruction ID: f35cb244d64ab6d82a8b2cbd7543f4f77c618e092206ded9c6043b0000eb4bb1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A21D163708B8182EB109B24F8547AA77A4FB88BC0F400136EE8DD775ADE3DDA25C745
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6E5781B99), ref: 00007FF6E5782760
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                      • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                                      • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                                      • Instruction ID: ffbc39600ceb5bbe68ca27f8b149ea86339ad2f092baacd38b6be3b02d5c451b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8821D133A18B9182EB209B11B8507E6A7A4FB88BC0F400131FE8CC3749DF3DD9658745
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                      • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                                      • Instruction ID: bd75b4d076dc116b53c3211d7ccd3280d5bb514a4804b4d71fc91acdb117c96c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADF06223B1970681FE108B64E4A537A6720EF49FA1F540235D66EC65E4DF2EDCB4C31A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                                                                                      • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                      • Instruction ID: a3e1d1b9a652b730e6b57e875b7796daac127c9fdcdf270a0ed2a243d7fc0c72
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC118223E5CA0301FF641165E4F13792060AF59F60E040635FB6EDA2DB9E6EEC71810A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF6E579A5A3,?,?,00000000,00007FF6E579A83E,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579B3AF
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E579A5A3,?,?,00000000,00007FF6E579A83E,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579B3CE
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E579A5A3,?,?,00000000,00007FF6E579A83E,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579B3F6
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E579A5A3,?,?,00000000,00007FF6E579A83E,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579B407
                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF6E579A5A3,?,?,00000000,00007FF6E579A83E,?,?,?,?,?,00007FF6E579A7CA), ref: 00007FF6E579B418
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                      • Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                                                                                      • Instruction ID: f7e9a4bb1b1f18792edfe0d9c45e18f6faea575928e660161ccae31dae3f1841
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD116062F0D60241FE55A325567133926425F44FF0F5A8334E82DC67DADD2EEC31822A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: verbose
                                                                                                                                                                                                                                                      • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                      • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                      • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                                      • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1956198572-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E5799046
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E579A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A95E
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E579A948: GetLastError.KERNEL32(?,?,?,00007FF6E57A2D22,?,?,?,00007FF6E57A2D5F,?,?,00000000,00007FF6E57A3225,?,?,?,00007FF6E57A3157), ref: 00007FF6E579A968
                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6E578CBA5), ref: 00007FF6E5799064
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\UpdaterTool.exe
                                                                                                                                                                                                                                                      • API String ID: 3580290477-643795526
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2939611241.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000000.00000002.2939576663.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939737847.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939808858.00007FF6E57C2000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2939922579.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                                                      • API String ID: 2595371189-336475711

Control-flow Graph
[Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dict_String$Item$ReadyType_$AddressProc$DeallocFrom$D@@@Err_Object_ReferenceU_object@@$HandleModuleModule_$Create2LongLong_$ClearDictEnsure@@ExceptionGlobals_LibraryLoadMaskObjectOccurredSys_Unsigned
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$O_free$D_get_sizeO_memcmpR_clear_last_markR_get_flagsR_set_markX_get0_cipherX_get0_md
                                                                                                                                                                                                                                                      • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                      • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1617910340-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_newR_set_debug$memcpy$L_cleanseO_clear_flagsO_set_flags
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes
                                                                                                                                                                                                                                                      • API String ID: 480058824-3615793073

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                                                                                      • API String ID: 1370845099-1722249466

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                                                                      • API String ID: 2779586248-3767186838

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flags
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                                                                                                                                                                                                      • API String ID: 3359833097-4226281315

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5787F90: _fread_nolock.LIBCMT ref: 00007FF6E578803A
                                                                                                                                                                                                                                                      • _fread_nolock.LIBCMT ref: 00007FF6E5781A1B
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E5781B6A), ref: 00007FF6E578295E
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                      • API String ID: 2397952137-3497178890

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                                                      • API String ID: 0-3323778802

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: GlobalLock@@Win_$AcquireAddressCurrentHandleModuleProcReleaseThread
                                                                                                                                                                                                                                                      • String ID: CoInitializeEx$CoInitializeEx failed (0x%08lx)$ole32.dll
                                                                                                                                                                                                                                                      • API String ID: 2699693448-4213856137

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ERR_new.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFDFACDF416), ref: 00007FFDFACDF762
                                                                                                                                                                                                                                                      • ERR_set_debug.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFDFACDF416), ref: 00007FFDFACDF77A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                                      • API String ID: 193678381-552286378

                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                      • API String ID: 2050909247-3659356012

                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                      • API String ID: 2050909247-2813020118

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF6E5783804), ref: 00007FF6E57836E1
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00007FF6E5783804), ref: 00007FF6E57836EB
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E5783706,?,00007FF6E5783804), ref: 00007FF6E5782C9E
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E5783706,?,00007FF6E5783804), ref: 00007FF6E5782D63
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5782C50: MessageBoxW.USER32 ref: 00007FF6E5782D99
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                      • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                                                                      • API String ID: 193678381-2714770296
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentProcess
                                                                                                                                                                                                                                                      • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                      • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                      • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                                                      • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                                                      • Opcode ID: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                                                      • Instruction ID: da5fc589374c5ac8998da85fc0aa2c6f8e20b9bdc6fdb46506a2773828fa8590
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC21D626F0868242F749AB35E4217BD2351EF88B98F584271E96D0A7CEDE2CE4818650
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyDict_New.PYTHON313(?,?,?,?,00007FFDFABE3FBB,?,?,?,?,00000000,00007FFDFABCCDCA,?,?,?,00007FFDFABC2353), ref: 00007FFDFABE2D25
                                                                                                                                                                                                                                                      • PyDict_New.PYTHON313(?,?,?,?,00007FFDFABE3FBB,?,?,?,?,00000000,00007FFDFABCCDCA,?,?,?,00007FFDFABC2353), ref: 00007FFDFABE2D3B
                                                                                                                                                                                                                                                      • PyDict_New.PYTHON313(?,?,?,?,00007FFDFABE3FBB,?,?,?,?,00000000,00007FFDFABCCDCA,?,?,?,00007FFDFABC2353), ref: 00007FFDFABE2D51
                                                                                                                                                                                                                                                      • ?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z.PYWINTYPES313(?,?,?,?,00007FFDFABE3FBB,?,?,?,?,00000000,00007FFDFABCCDCA,?,?,?,00007FFDFABC2353), ref: 00007FFDFABE2DC8
                                                                                                                                                                                                                                                      • PyDict_SetItem.PYTHON313(?,?,?,?,00007FFDFABE3FBB,?,?,?,?,00000000,00007FFDFABCCDCA,?,?,?,00007FFDFABC2353), ref: 00007FFDFABE2DE3
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,?,00007FFDFABE3FBB,?,?,?,?,00000000,00007FFDFABCCDCA,?,?,?,00007FFDFABC2353), ref: 00007FFDFABE2DF9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dict_$D@@@DeallocFromItemObject_U_object@@
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 493995867-0
                                                                                                                                                                                                                                                      • Opcode ID: 4678b19076b3a4f207a4dd67704a6fba1b1dadb53973435a99e6f3baca2fd851
                                                                                                                                                                                                                                                      • Instruction ID: 09f331f651181f1ca9f5fe0e8604933f48959f330b7a9d767d65fba946f3f069
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4678b19076b3a4f207a4dd67704a6fba1b1dadb53973435a99e6f3baca2fd851
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1313C29F09B5285FF5D9B14A4A4B7932A5FF44B90F8801B5DA2D423DCEF2CE8508341
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000001.00000002.2946707308.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946774564.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946821228.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946821228.00007FF6E57C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946877241.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1279662727-0
                                                                                                                                                                                                                                                      • Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                                                                                                                                                                                      • Instruction ID: 33974b73b0be635f95206d5451cbbd7df3dd0451dbb791a2882e1bf961cfc4d3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8418123D2879283EB508F20D5603696760FF94BA4F119335EA9C83AD2DF7DA9F08715
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000001.00000002.2946707308.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946774564.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946821228.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946821228.00007FF6E57C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946877241.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3251591375-0
                                                                                                                                                                                                                                                      • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                                                                      • Instruction ID: 05bb0bea18d81b239c05cb3fb1e89d83595bb84ce170ea995cf784114a5e6fce
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52313923E0826681FE54BB6594723B91685AF45F84F455034DA0DCB2D3DE2FBC34831B
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
• Associated: 00000001.00000002.2948268208.00007FFDFAC80000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000001.00000002.2948289465.00007FFDFAD03000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000001.00000002.2948418571.00007FFDFAD05000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000001.00000002.2948462756.00007FFDFAD2D000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000001.00000002.2948488076.00007FFDFAD32000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000001.00000002.2948488076.00007FFDFAD38000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000001.00000002.2948488076.00007FFDFAD40000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1231514297-0
                                                                                                                                                                                                                                                      • Opcode ID: 8603938ac5e1fbf28ba7d9b8f40a04eb8b77d7e104ff7c3c46d49aacb8bdd123
                                                                                                                                                                                                                                                      • Instruction ID: 309e0207099ca77b5c4d3562b7a277a54532abd31c581a4767b62c9ec5a1d9b8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8603938ac5e1fbf28ba7d9b8f40a04eb8b77d7e104ff7c3c46d49aacb8bdd123
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7821C93AF0834286F76C9E26A861A7D36E0FF00B58F188475DA7D462DDDE38E441C7A1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
• Associated: 00000001.00000002.2946707308.00007FF6E5780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946774564.00007FF6E57AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946821228.00007FF6E57BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946821228.00007FF6E57C1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2946877241.00007FF6E57C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1231514297-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF6E579A9D5,?,?,00000000,00007FF6E579AA8A), ref: 00007FF6E579ABC6
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF6E579A9D5,?,?,00000000,00007FF6E579AA8A), ref: 00007FF6E579ABD0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 918212764-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,FFFFFFFF,00000000,?,00007FFDFACDF3FE), ref: 00007FFDFACDEE57
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: M_grow_clean
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 964628749-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2948289465.00007FFDFAC81000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAC80000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfac80000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: O_ctrl
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3605655398-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00007FF6E5789390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E57845F4,00000000,00007FF6E5781985), ref: 00007FF6E57893C9
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00007FF6E5786476,?,00007FF6E578336E), ref: 00007FF6E5788EA2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2592636585-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF6E5790C90,?,?,?,00007FF6E57922FA,?,?,?,?,?,00007FF6E5793AE9), ref: 00007FF6E579D63A
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946737341.00007FF6E5781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E5780000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff6e5780000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Eval_Object_StringThread$InstanceRestoreSave$AttrBuildClearFormatFreeFromOccurredTaskU_object@@Value
                                                                                                                                                                                                                                                      • String ID: AuthInfo$AuthnLevel$AuthnSvc$AuthzSvc$Capabilities$ImpLevel$None is not a valid interface object in this context$O:QueryBlanket$ServerPrincipalName$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)${s:k, s:k, s:N, s:k, s:k, s:O, s:k}
                                                                                                                                                                                                                                                      • API String ID: 524826855-701739339
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_$RestoreSave$Object_String$DeallocInstance$AttrBuildClearErrorFormatFromInfoObjectOccurredU_object@@Value
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$OkO:SetProperty$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 512730831-2279418479
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$String$Object_$Eval_InstanceThread$Arg_AttrClearFormatFromLongLong_OccurredParseRestoreSaveTuple
                                                                                                                                                                                                                                                      • String ID: O:AddRefTypeInfo$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 2195012383-864360029
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$U_object@@$Err_Object_$Dealloc$D@@@FromLong_Ptr@@Void$AddressArg_BuildClearDict_ErrorFormatInfoItemLibraryLoadObjectParseProcStringSubclassTupleValue
                                                                                                                                                                                                                                                      • String ID: Not available on this platform$OOO$ObjectFromLresult$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$oleacc.dll
                                                                                                                                                                                                                                                      • API String ID: 2496039126-61211265
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Object_Thread$Eval_String$InstanceRestoreSave$ClearD@@@DeallocFormatU_object@@$Arg_AttrDict_FromInterInterfaceItemMarshalOccurredParseStreamSubclassTuple
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$OO:CoMarshalInterThreadInterfaceInStream$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 3258495939-3992131260
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC399E
                                                                                                                                                                                                                                                      • ?PyWinObject_AsBstr@@YAHPEAU_object@@PEAPEA_WHPEAK@Z.PYWINTYPES313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC39C3
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00007FFDFABC39D4
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC39EB
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3A04
                                                                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3A14
                                                                                                                                                                                                                                                      • ?PyWinObject_AsBstr@@YAHPEAU_object@@PEAPEA_WHPEAK@Z.PYWINTYPES313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3A39
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00007FFDFABC3A4A
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3A61
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3A7A
                                                                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3A8A
                                                                                                                                                                                                                                                      • ?PyWinObject_AsBstr@@YAHPEAU_object@@PEAPEA_WHPEAK@Z.PYWINTYPES313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3AAF
                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00007FFDFABC3AC0
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3AD7
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3AF0
                                                                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B05
                                                                                                                                                                                                                                                      • PyNumber_Long.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B1F
                                                                                                                                                                                                                                                      • PyLong_AsLong.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B30
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B47
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B4F
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B68
                                                                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B78
                                                                                                                                                                                                                                                      • PyNumber_Long.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3B92
                                                                                                                                                                                                                                                      • PyLong_AsLong.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3BA3
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3BBA
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3BCB
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3BE4
                                                                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3BF4
                                                                                                                                                                                                                                                      • PyNumber_Long.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3C13
                                                                                                                                                                                                                                                      • PyLong_AsLong.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3C24
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3C3E
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3C46
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313(?,?,?,00007FFDFABC3ED0,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC3817), ref: 00007FFDFABC3C5F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocObject_String$AttrClearErr_Long$AllocBstr@@Long_Number_U_object@@
                                                                                                                                                                                                                                                      • String ID: <Bad String Object>$code$description$helpcontext$helpfile$scode$source
                                                                                                                                                                                                                                                      • API String ID: 3990970108-1363959443
                                                                                                                                                                                                                                                      • Opcode ID: 547d23819fc1a0aa53f1cfedbc9f42698f8de3fac7649c6d29310ef7cd265693
                                                                                                                                                                                                                                                      • Instruction ID: 178b735123a320eabccb70394be115aa2abaf862be68babacf0c6b0a43ac4a70
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 547d23819fc1a0aa53f1cfedbc9f42698f8de3fac7649c6d29310ef7cd265693
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0FA10835F09B4392FB5C9B25A864E7CA3E0EF45B44F8954B5DA6E426D8EF2DE490C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Eval_Thread$Object_String$RestoreSave$ClearInstance$AttrD@@@DeallocDict_FormatFromItemOccurredSubclassU_object@@
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$O:CopyProxy$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 1654362002-3565943136
                                                                                                                                                                                                                                                      • Opcode ID: 8d22f7fb159bce3b4db57e3c1f03d516569801a1ae53dc8e0e64ea5bbc511839
                                                                                                                                                                                                                                                      • Instruction ID: 2e35a174d1b7a000689b5741b877f6d9fb85bf7037b4fdc535c96e2216808b43
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d22f7fb159bce3b4db57e3c1f03d516569801a1ae53dc8e0e64ea5bbc511839
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55C14D69B09A0291FB199B55E8B097C23A1FF84B95F8484B2CD2D473ECDE7CE845C341
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Eval_Thread$Object_RestoreSaveString$D@@@FormatInstanceOccurredU_object@@$Arg_ClearDeallocDict_FromItemLoadParseSubclassTuple
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$OOO:OleLoad$The Python IID map is invalid - the value is not an interface type object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 3610570848-1529046959
                                                                                                                                                                                                                                                      • Opcode ID: 12dee3cfcbc85b15800122a5c6d446d02268fd2ed17555d0ecdcf2143fbb1417
                                                                                                                                                                                                                                                      • Instruction ID: 8eecfb7443eb86052a069efac16773808012108ddb20eeeafa37b59c17b5af64
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12dee3cfcbc85b15800122a5c6d446d02268fd2ed17555d0ecdcf2143fbb1417
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6C1FD29B18A4291FB189B15E874A7D63A0FF88F84F4454B6DD6E8779CDE3CE445C340
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyUnicode_AsUTF8.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCE963
                                                                                                                                                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCE97C
                                                                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCE9C3
                                                                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCE9D1
                                                                                                                                                                                                                                                      • PyObject_GenericGetAttr.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEA99
                                                                                                                                                                                                                                                      • PyErr_Clear.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEAA8
                                                                                                                                                                                                                                                      • ?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEABB
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32 ref: 00007FFDFABCEAC9
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEAD6
                                                                                                                                                                                                                                                      • ?PyWinObject_FreeWCHAR@@YAXPEA_W@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEB05
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEB0E
                                                                                                                                                                                                                                                      • PyErr_SetObject.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEB2D
                                                                                                                                                                                                                                                      • SafeArrayGetDim.OLEAUT32 ref: 00007FFDFABCEBAF
                                                                                                                                                                                                                                                      • PyErr_Format.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEBCC
                                                                                                                                                                                                                                                      • SafeArrayGetDim.OLEAUT32 ref: 00007FFDFABCEBDA
                                                                                                                                                                                                                                                      • PyErr_Format.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEBF6
                                                                                                                                                                                                                                                      • SafeArrayGetUBound.OLEAUT32 ref: 00007FFDFABCEC15
                                                                                                                                                                                                                                                      • SafeArrayGetLBound.OLEAUT32 ref: 00007FFDFABCEC32
                                                                                                                                                                                                                                                      • SafeArrayGetRecordInfo.OLEAUT32 ref: 00007FFDFABCEC4A
                                                                                                                                                                                                                                                      • PyTuple_New.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCEC85
                                                                                                                                                                                                                                                      • _Py_NewReference.PYTHON313(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00007FFDFABCE756), ref: 00007FFDFABCECD7
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_$ArraySafe$Object_RestoreSave$BoundDeallocFormatInfoObjectU_object@@$AttrBuildClearErrorFreeFromGenericInitMemoryRecordReferenceTuple_Unicode_ValueVariantmallocstrcmp
                                                                                                                                                                                                                                                      • String ID: Did not get a buffer for the array!$Only support single dimensional arrays of records$__members__
                                                                                                                                                                                                                                                      • API String ID: 1698912420-4199362239
                                                                                                                                                                                                                                                      • Opcode ID: 74414800d0552f0531fc93be48073f0755b19a1763c29ce602da499a02820b2a
                                                                                                                                                                                                                                                      • Instruction ID: ff91bea1bbdb91bb327d8080b75420f6ac44a15a9a5b0621d74f9ce642581bea
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74414800d0552f0531fc93be48073f0755b19a1763c29ce602da499a02820b2a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17C1402AB05A42D6EB189F25D864EBD23A0FF48B94B954475DE2EA37D8DF3DE405C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: OOi|zi:OpenStorage$The Python IID map is invalid - the value is not an interface type object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 1450464846-990463234
                                                                                                                                                                                                                                                      • Opcode ID: 516f2642505758276980b966bd65e5477f52ac2666b88697fade553129743350
                                                                                                                                                                                                                                                      • Instruction ID: 9432f570cd7be3f94214f73eb38a75a135a5cd026cc1fdb950664100188380ed
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 516f2642505758276980b966bd65e5477f52ac2666b88697fade553129743350
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80A16C6AB19A5295FB589B15E860BBD63B0FF44B85F0880B2DD6D836D8DF3CE445C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$LongLong_String$Format$Object_SizeTuple_$Arg_ArrayBstr@@CreateDeallocFreeNumber_OccurredParseSafeTupleU_object@@Void
                                                                                                                                                                                                                                                      • String ID: Expecting a tuple of length %d or None.$Inplace SAFEARRAY mucking isn't allowed, doh!$OLE type description - expecting a tuple$OOO:WriteFromOutTuple$Return value[%d] with type BSTR was longer than the input value: %d$The VARIANT type is unknown (0x%x).
                                                                                                                                                                                                                                                      • API String ID: 544121207-2746864272
                                                                                                                                                                                                                                                      • Opcode ID: 88b8d70bfb7888c05bc5cabf091e763b890ed64f927bf44300bb156e3ba1c392
                                                                                                                                                                                                                                                      • Instruction ID: bfe8fda3128e6b65e8c5e348902fe46a76fa071fa7914f009c49e314d51b92e3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88b8d70bfb7888c05bc5cabf091e763b890ed64f927bf44300bb156e3ba1c392
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80B14F3AB0CA4296FB188B19D464ABD63A1FF49B84F5444B1CA6E977D8DE3CF456C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClearErr_$DeallocFromState_Tuple_$DoubleEnsureItemLong_Object_ReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: _GetIDsOfNames_
                                                                                                                                                                                                                                                      • API String ID: 3766188944-521210149
                                                                                                                                                                                                                                                      • Opcode ID: af0fd0ad0f398063c6733c4c342adb8fe568e439a4fb4aed1009be436449a6ff
                                                                                                                                                                                                                                                      • Instruction ID: 7521e741d9d9cabeb9005cd1764078d7e39c8d2cf9839e6736ad804c39e772a5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af0fd0ad0f398063c6733c4c342adb8fe568e439a4fb4aed1009be436449a6ff
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64615935B08A43A2FB189F65A8A4D3C63E1BF44B50F4545B5DAAE826D8DF3CB485C701
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocErr_Object_$ArrayFromObjectSafeU_object@@$BufferDataView@@$AccessClearElementItemSequence_SizeStringU_object@@_UnaccessVariantmemcpy
                                                                                                                                                                                                                                                      • String ID: All dimensions must be a sequence of the same size$Could not set the SAFEARRAY element$Internal error - the buffer length is not the sequence length!$Internal error - unexpected argument - only simple VARIANTTYPE expected
                                                                                                                                                                                                                                                      • API String ID: 2035938186-1356164553
                                                                                                                                                                                                                                                      • Opcode ID: 5d86637ab1c27fdb75c306f7bc571d7cf0912799a1ea50d32d3adb8be529ada7
                                                                                                                                                                                                                                                      • Instruction ID: 3c41aadd719956c0ae61c7fdce96a8aa9d81181abeac94955438da60ae92dc40
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d86637ab1c27fdb75c306f7bc571d7cf0912799a1ea50d32d3adb8be529ada7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13915C7AB08A02A5FB19DF25D964ABD63A1FF48B84F5440B1DA2E56ADCDF3CE445C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Object_Thread$Err_U_object@@$RestoreSave$AddressArg_ClearD@@@DeallocDict_FormatFreeFromHandleItemKeywordsMem_ModuleParseProcStringSubclassTuple
                                                                                                                                                                                                                                                      • String ID: OiiiO&|OO:StgCreateStorageEx$Ole32.dll$StgCreateStorageEx$StgCreateStorageEx not supported by this version of Windows$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 3081650828-3294452327
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$Err_$DeallocObject_String$Arg_ClearD@@@Dict_FromItemParseSubclassTupleTuple_U_object@@memset
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|l:Next
                                                                                                                                                                                                                                                      • API String ID: 3151522385-2073613222
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSave$DeallocObject_String$Arg_BuildClearD@@@Dict_FromItemParseSubclassTupleTuple_U_object@@Valuememset
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|l:Next
                                                                                                                                                                                                                                                      • API String ID: 365869195-2073613222
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_Object_$RestoreSaveU_object@@$AddressArg_ClearD@@@DeallocDict_FormatFreeFromHandleItemKeywordsMem_ModuleParseProcStringSubclassTuple
                                                                                                                                                                                                                                                      • String ID: OiiiO&|O:StgOpenStorageEx$Ole32.dll$StgOpenStorageEx$StgOpenStorageEx not supported by this version of Windows$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 1531689404-2224397758
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Object_$Instance$D@@@FormatOccurredStringU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 4199324350-136146293
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$DeallocRestore$FetchObject_State___stdio_common_vswprintf$AttrCallClearEnsureExceptionImportImport_MethodModuleNormalizePythonReleaseStringTraceback@@U_object@@00@free
                                                                                                                                                                                                                                                      • String ID: _GetLogger_$logger$pythoncom %hs: $win32com
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocErr_Object_String$Arg_D@@@Dict_FromItemParseSubclassTupleTuple_U_object@@
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|l:Next
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocErr_$ErrorEval_InfoSequence_State_Thread$Arg_CheckClearCreateEnsureItemObject_OccurredParseReleaseRestoreSaveSizeStringTuple
                                                                                                                                                                                                                                                      • String ID: <unknown>$Next$Unexpected exception in gateway method '%hs'$result must be a tuple of (PyIUnknown, dwCookie)
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocErr_$Object_State_String$ClearD@@@Dict_EnsureFromItemReleaseSubclassU_object@@
                                                                                                                                                                                                                                                      • String ID: Load$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$Err_State_$BuildEnsureLongLong_Object_OccurredReleaseStringSubclassValue
                                                                                                                                                                                                                                                      • String ID: DragEnter$OlOl$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 2824385799-2635543928
                                                                                                                                                                                                                                                      • Opcode ID: 8ecca2a0575bbf928bbcf160c17d37f011078e99efe89957519320f94c0bfe0e
                                                                                                                                                                                                                                                      • Instruction ID: 3bddd7906797277534ddd86ed978ec70521797639ab319f6a4ab1b9f2c7e75c3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ecca2a0575bbf928bbcf160c17d37f011078e99efe89957519320f94c0bfe0e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE615135B09B8295EB599B65E864A7D63A0FF48B84F884071DD2E8B3D8DF3CE445D700
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$Err_State_$BuildEnsureLongLong_Object_OccurredReleaseStringSubclassValue
                                                                                                                                                                                                                                                      • String ID: Drop$OlOl$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 2824385799-3116030788
                                                                                                                                                                                                                                                      • Opcode ID: 53577ef6b41296de838815d55e666a69bab1764cf993df41b462cda2a217814c
                                                                                                                                                                                                                                                      • Instruction ID: d1490f987a2492fc81dcd29497b00a77998c9ff6526450620b9633f5da225220
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53577ef6b41296de838815d55e666a69bab1764cf993df41b462cda2a217814c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5615D39B09A8295FB599B65E864A7D63E0FF48B84F884071DE2E863D8DF3CE445C300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: Oii|i:CreateStorage$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 1450464846-1065043913
                                                                                                                                                                                                                                                      • Opcode ID: a97559f4304b59966ac1e986cca5a37a8e64a9f5af886c54af647efed9567353
                                                                                                                                                                                                                                                      • Instruction ID: a030ae2f3e1b380cb353da791dcd27f79f385f43381cae8af90a7e44a3c6552c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a97559f4304b59966ac1e986cca5a37a8e64a9f5af886c54af647efed9567353
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A613F3AB18A5295FB699B15E820A7D63A1FF84B84F488075DE6D837D8DF2CE445C700
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arg_Err_FormatParseTuple
                                                                                                                                                                                                                                                      • String ID: BindOptions must be None$O|OO&:CoGetObject$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 361908667-3647525012
                                                                                                                                                                                                                                                      • Opcode ID: db6debbea6c6eabd0b2c29d820ad2f6391d7eadb6a15f93ae409299e0512f76a
                                                                                                                                                                                                                                                      • Instruction ID: ecd43abf2ced92326de4a152c201ecdde938fcddec3a3278197f9d8d2fd52c31
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db6debbea6c6eabd0b2c29d820ad2f6391d7eadb6a15f93ae409299e0512f76a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD511839B0CA4692FB589B15E864A7D23A4FF48B84F8445B1DD6E837A8DF3CE545C340
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AutoBstr@@FreeWin_$Eval_Thread$Arg_Bstr@CreateDocfileParseRestoreSaveTuple
                                                                                                                                                                                                                                                      • String ID: Oi|i:StgCreateDocfile$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 3573010966-4165331666
                                                                                                                                                                                                                                                      • Opcode ID: 606cc0990c2b61725b9eb8bfdfcfbdbcf6b199a39b38c178d52815f849d56e81
                                                                                                                                                                                                                                                      • Instruction ID: 46e99ac6f7aef942cb56d15785c08825edc67460346b6c7a0ddb1eee6ea898c3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 606cc0990c2b61725b9eb8bfdfcfbdbcf6b199a39b38c178d52815f849d56e81
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12513E39B18B0291FB589B25E864EBD63A1FF85B81F4540B1DA2E876ECDE3CE455C310
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyArg_ParseTuple.PYTHON313 ref: 00007FFDFABCFA3A
                                                                                                                                                                                                                                                      • ?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z.PYWINTYPES313 ref: 00007FFDFABCFA52
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFABCFA6A
                                                                                                                                                                                                                                                      • CreateILockBytesOnHGlobal.OLE32 ref: 00007FFDFABCFA81
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABCFA8C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocObject_U_object@@$Arg_BuildBytesCreateErr_ErrorFromGlobalInfoLockObjectParseTupleValue
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|Ol:CreateILockBytesOnHGlobal
                                                                                                                                                                                                                                                      • API String ID: 830482936-536671445
                                                                                                                                                                                                                                                      • Opcode ID: d5bd37bd21996c97541e66be15a5fa51a4b392a30520bdf80c328c686a5829a3
                                                                                                                                                                                                                                                      • Instruction ID: 1d522eb37ad64ad917dd06d0668401659645e3498010d3447aa5510778276343
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5bd37bd21996c97541e66be15a5fa51a4b392a30520bdf80c328c686a5829a3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44510A79B08B4282EB589B26E46097D63A1FB88BD1F4940B1DE6E4379DDF3CE445C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_Object_String$RestoreSaveU_object@@$Arg_Bstr@@ClearD@@@DeallocDict_FreeFromItemParseSubclassTuple
                                                                                                                                                                                                                                                      • String ID: Ol:CreateTypeInfo$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 1691665561-470477504
                                                                                                                                                                                                                                                      • Opcode ID: e6a91ae5466056d21db2a7db339371a8906dfcbcd1ad10b6fbaed559b8166e6d
                                                                                                                                                                                                                                                      • Instruction ID: bfdd21e097b3015953dd13ee4ef73d2a181c404ec052c659c3d40274a1be0488
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6a91ae5466056d21db2a7db339371a8906dfcbcd1ad10b6fbaed559b8166e6d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE513C69B19A4281FB499B25E86497D63A1FF85BC0F8840B1DE6E477ECDE2CE445C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Object_Thread$D@@@Err_U_object@@$RestoreSaveString$Arg_ClearDeallocDict_FromItemParseSubclassTuple
                                                                                                                                                                                                                                                      • String ID: OO:QueryService$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 1966702985-2900168733
                                                                                                                                                                                                                                                      • Opcode ID: 014b7dbc18d6f57e20c4a92378513645a19fe1e672168b71614921e4353e8011
                                                                                                                                                                                                                                                      • Instruction ID: 5fc82fbb70e4e290cc1be2162e0f4c9038dc389f864b30d9f306b2d62a34236c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 014b7dbc18d6f57e20c4a92378513645a19fe1e672168b71614921e4353e8011
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60515B2DB18A5691FB589B25E824A7D63B0FF84BC4F4880B1D96E877ECDF2CE4458700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSave$Object_String$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 1062860496-175512089
                                                                                                                                                                                                                                                      • Opcode ID: 013078dee56a493039382bc8f6841cb040b346cd382a9bf0d24c3f95d9449f2a
                                                                                                                                                                                                                                                      • Instruction ID: 75b73c9b5ac6d0441e1cc2d68a6265224bdc9e075ce05942c9c8c33c1d7b318b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 013078dee56a493039382bc8f6841cb040b346cd382a9bf0d24c3f95d9449f2a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47513069B18A4281FB4D9B95E96497D63E1FF48BC0B8850B1D92E477DCDF2CE4458300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                       • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Object_RestoreSave$D@@@Err_U_object@@$ActiveArg_ClearDeallocDict_FromItemObjectParseStringSubclassTuple
                                                                                                                                                                                                                                                      • String ID: O:Connect$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: :EnumDAdvise$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Eval_Thread$String$Object_RestoreSave$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: :GetConnectionPointContainer$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: :EnumObjectParam$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocObject_$FromU_object@@$Err_State_$ClearD@@@Dict_EnsureItemReleaseStringSubclass
                                                                                                                                                                                                                                                      • String ID: MoveElementTo$OOOi$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_CreateFileFreeMem_MonikerObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: O:CreateFileMoniker$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 565804598-1758587608
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Bstr@@ClearDeallocItemLongLong_Object_OccurredSequence_StringU_object@@
                                                                                                                                                                                                                                                      • String ID: At least one argument must be supplied$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 2430672833-3086978936
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocErr_$OccurredState_$EnsureFromLongLong_ReleaseSequence_StringTuple@@Tuple_U_object@@Unsignedmemset
                                                                                                                                                                                                                                                      • String ID: ReadPropertyNames$Sequence not of required length$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 3307134239-3243179091
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_$Object_RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: :GetRunningObjectTable$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 195898724-2623800328
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • The type does not declare a PyCom constructor, xrefs: 00007FFDFABD6B1A
                                                                                                                                                                                                                                                      • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFABD6B05
                                                                                                                                                                                                                                                      • There is no interface object registered that supports this IID, xrefs: 00007FFDFABD6AD8
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_CreateFreeLib2Mem_Object_ParseRestoreSaveTupleTypeU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 2163282249-49823770
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_$Object_RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: :EnumRunning$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 195898724-1508251384
                                                                                                                                                                                                                                                      • Opcode ID: 9a7b223e5cf46877d69bdc5c606ee63e3b67541f90ea838d8dad410d925fbd15
                                                                                                                                                                                                                                                      • Instruction ID: d3ac03f4e69277b94e0ed9eac36cac59bac99e366b8bfcd0af316658d75b5561
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a7b223e5cf46877d69bdc5c606ee63e3b67541f90ea838d8dad410d925fbd15
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE410629B09B6285FB199B19A86497D33F1FF48BC0B4890B1DE6E877D8DE2CF4458300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_$Object_RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemParseSubclassTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: :GetClassInfo$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 195898724-1225286267
                                                                                                                                                                                                                                                      • Opcode ID: d94db4881660b8103bff40fd25258975a005712a5af6fd375c21c33e436080e1
                                                                                                                                                                                                                                                      • Instruction ID: 2206fba4ee464124940242c80ecfc0532ff72d0178b091975ecd4241b4297857
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d94db4881660b8103bff40fd25258975a005712a5af6fd375c21c33e436080e1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1411729B08B1295FB5D9B26A86497D63F1EF48BC0F4894B1DE6E877DCDE2CE4458300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$Err_$Object_$DeallocStringU_object@@$Arg_BuildErrorFormatFreeFromInfoInitInstanceMem_ObjectParseTupleValueVariant
                                                                                                                                                                                                                                                      • String ID: O|iO:Read$The Python object is invalid$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 607326736-616561353
                                                                                                                                                                                                                                                      • Opcode ID: 5f13d4bfba2efd8734c9fb97c34c160d95aba1579116fa4f6e8d655ce63382f3
                                                                                                                                                                                                                                                      • Instruction ID: d4583920009715f7a4669dba8950c8674731d87cc2e63b7b616ad83c61741483
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f13d4bfba2efd8734c9fb97c34c160d95aba1579116fa4f6e8d655ce63382f3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB513D29B08A5691FB589F51E8649BD67B0FF44B80F598072DE6E836A8DE3CD449C340
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$Oi:Save$The Python object is NULL and no error occurred$The Python object is invalid$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 1450464846-517254404
                                                                                                                                                                                                                                                      • Opcode ID: bd39401af89422807ce7559fa9bd05dd80c8059ff4be916bb74a3ac424a834f8
                                                                                                                                                                                                                                                      • Instruction ID: 4c7ac2b383c5c8c48ff66b3fe91e314020f8f8f8ca12358a0b4affab5416b863
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd39401af89422807ce7559fa9bd05dd80c8059ff4be916bb74a3ac424a834f8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09514369B08A5292FB099F55E8649BD63A0EF44FD5B4850B2CD2D973D8DE3CE885C340
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Sequence_$DeallocItem$CheckErr_LongLong_SizeString
                                                                                                                                                                                                                                                      • String ID: If the TYPEDESC is of type VT_USERDEFINED, the object must be an integer$SAFEARRAY descriptions are not yet supported$The first sequence item must be an integer$The object is not an TYPEDESC
                                                                                                                                                                                                                                                      • API String ID: 3972667259-4167263409
                                                                                                                                                                                                                                                      • Opcode ID: 0d4a7940860b962bc09089243b53c8da471959ed3848b1469a49f9e544ca58e9
                                                                                                                                                                                                                                                      • Instruction ID: 6c5dfde094b458c47e1641afa8991dd41352f841a17ebb734ba71108f78636ea
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d4a7940860b962bc09089243b53c8da471959ed3848b1469a49f9e544ca58e9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E412B29B18742A5FB5C9B26E464A7D67E0EF44F80F1490B9DA6E466D8DF3CE446C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyErr_SetString.PYTHON313 ref: 00007FFDFABF6B8B
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFABF6BA3
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABF6BC0
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocErr_$BuildErrorFromInfoObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 3213920475-3895418669
                                                                                                                                                                                                                                                      • Opcode ID: ff8adc6b9ee4605b1571758dd9ee2e144ca43d7c99b8b5e22cf6490a84a253cc
                                                                                                                                                                                                                                                      • Instruction ID: 6441c5bd40cceec6dc66470eb2ece16ec868f3c9138373f6f593a2b538cdbd4f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff8adc6b9ee4605b1571758dd9ee2e144ca43d7c99b8b5e22cf6490a84a253cc
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9414E29B09A8282FB5D9B55E87497D63A0FF48BC0F8854B5DE6E477ECDE2CE4458300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyErr_SetString.PYTHON313 ref: 00007FFDFAC0FB23
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFAC0FB40
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFAC0FB5F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocErr_$BuildErrorFromInfoObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 3213920475-3895418669
                                                                                                                                                                                                                                                      • Opcode ID: f5915551523a34e527b5c14ca623234ebbb0ea4c32344bfcbdec0dc9fff4b199
                                                                                                                                                                                                                                                      • Instruction ID: 2f1332eab23273dce9da9f1d6e5498c5b4ab1945bb965acbc3df3ae7d363ccf8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5915551523a34e527b5c14ca623234ebbb0ea4c32344bfcbdec0dc9fff4b199
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D413929B0CB5285FB589B15A86097C23B0FF48F84B4880B2DE6E877DCDE2CE485C750
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Dealloc$FromObject_RestoreSaveStringU_object@@$Free$BuildErr_Value$ErrorInfoObject
                                                                                                                                                                                                                                                      • String ID: (OOiO)$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 1273995065-2415557319
                                                                                                                                                                                                                                                      • Opcode ID: 70dcb869b696e82eab7625dbc7b93f871b47df504a084c4ca9a3bb0da9b40d9e
                                                                                                                                                                                                                                                      • Instruction ID: fbec84de13ec76bd1c9e78788942bf2ea1a13b1bf50d2429106778dc9944ff9c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70dcb869b696e82eab7625dbc7b93f871b47df504a084c4ca9a3bb0da9b40d9e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07414E39B08B5286EB189F25F46497D63A0FB88B90F088071DE5D937A8DF3CD485C740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SafeArrayGetLBound.OLEAUT32 ref: 00007FFDFAC15993
                                                                                                                                                                                                                                                      • SafeArrayGetUBound.OLEAUT32 ref: 00007FFDFAC159C7
                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32 ref: 00007FFDFAC159F3
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$ArrayRestoreSafeSave$BoundDealloc$AccessBuildDataErr_ErrorFromInfoObjectObject_U_object@@Value
                                                                                                                                                                                                                                                      • String ID: buffer size is not what we created!
                                                                                                                                                                                                                                                      • API String ID: 576285022-976286230
                                                                                                                                                                                                                                                      • Opcode ID: c91fe32572f4a50a4fbe0deb4edbce311861984f733a6a1fee411f3dd7132e04
                                                                                                                                                                                                                                                      • Instruction ID: c498faae1d73fef319d7a988d2a66def00aecdd5c9b9789d484be44b4ea7e5d7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c91fe32572f4a50a4fbe0deb4edbce311861984f733a6a1fee411f3dd7132e04
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC51A13AB1D686A6EB688B11E4A4B7D63A4FB84B44F404071DA2E577ECDF3CE445C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$Sequence_State_$Arg_CheckClearEnsureErr_ItemObject_ParseReleaseSizeTuple
                                                                                                                                                                                                                                                      • String ID: Next$O&O&kO&O&O&:STATPROPSETSTG
                                                                                                                                                                                                                                                      • API String ID: 2265416999-2759803156
                                                                                                                                                                                                                                                      • Opcode ID: 14bc9990cc337212dedeb920a2ca8f67ffa493a4f8af14027d36528662da41d5
                                                                                                                                                                                                                                                      • Instruction ID: 861ea6ca708766844f5d7dbd0fec27f16b9490b288a443d71d595d38c64196d1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14bc9990cc337212dedeb920a2ca8f67ffa493a4f8af14027d36528662da41d5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70517D36B0AB8691E7288FA5E924A7973A0FB44B94F484171DA6D93BD8DF3CE411C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FreeString$Dealloc$State_$CallCheckEnsureLongLong_MethodNumber_Object_Release
                                                                                                                                                                                                                                                      • String ID: Python error invoking COM method.$_Invoke_$iOiO
                                                                                                                                                                                                                                                      • API String ID: 901979272-3232567516
                                                                                                                                                                                                                                                      • Opcode ID: 6c7c9b64f419ac58f1d17edf5f438223d308ceb8c4d5cfba570f0057f856cacc
                                                                                                                                                                                                                                                      • Instruction ID: 450ca2211c2645df8dd37dcf945ccba37d4e6de939d9d64ea4ce6b88b5715ec1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c7c9b64f419ac58f1d17edf5f438223d308ceb8c4d5cfba570f0057f856cacc
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C516C3AB09B4281EB189F61E860ABA73A0FB84B94F454475DE6E43B9DCF3CE455C740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$Err_$DeallocObject_$Arg_BuildErrorFormatFromInfoInstanceObjectOccurredParseStringTupleU_object@@Value
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$O:SaveCompleted$The Python object is NULL and no error occurred$The Python object is invalid$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 21361869-2286507262
                                                                                                                                                                                                                                                      • Opcode ID: 73dba996eeb027f0992288a423fc271c65433eff595f39c70c281eb272f33d76
                                                                                                                                                                                                                                                      • Instruction ID: 5626cf84fd5e018034f23a6b1b71cf00b1f172d82781be69fd9d6ef210b7c9ab
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73dba996eeb027f0992288a423fc271c65433eff595f39c70c281eb272f33d76
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15514D69B08A5291EB58DB1AE46097D63B0FF48FC4B4840B2DE6D977ACDF3CE4458340
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                                                                                                                                                                                                      • String ID: Oii$Save$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 643398647-4246081452
                                                                                                                                                                                                                                                      • Opcode ID: c807c37abc8151cc9ec5a129b8f01122fe823c80d84d69c2898bccd48247a446
                                                                                                                                                                                                                                                      • Instruction ID: 29b35dd9c656049985243522867cea8de8f595a8823d73c2083db241825f4da0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c807c37abc8151cc9ec5a129b8f01122fe823c80d84d69c2898bccd48247a446
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41414A39B0CA4682EB589B16E8B4A7C63E4FB44B90F844571DE6E47798EF3CE845C701
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$Err_$DeallocObject_$Arg_BuildDataErrorFormatFromInfoInstanceMarshalObjectOccurredParseReleaseStringTupleU_object@@Value
                                                                                                                                                                                                                                                      • String ID: None is not a valid interface object in this context$O:CoReleaseMarshalData$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                      • API String ID: 3327559703-3945113398
                                                                                                                                                                                                                                                      • Opcode ID: abdfb4f8a74f480fa270a1b32874a538901005259450a12adb090c535eb655c0
                                                                                                                                                                                                                                                      • Instruction ID: aae245d2144a7255b82121a12c051ce590cdde63c527bd5ca2f9980f23ee314c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: abdfb4f8a74f480fa270a1b32874a538901005259450a12adb090c535eb655c0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2411269B08A4291FB48DB59E86497D63A1FF88B84F9850B6DE2D87798DE3CE445C300
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$ItemLong_Sequence_$ClearDict_Err_FromSsize_t$CheckLongSizeSubtypeType_
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1188691601-0
                                                                                                                                                                                                                                                      • Opcode ID: 990299021235a1074c5ac790df30d5199ee65cf0a1ac59552841f35378b40761
                                                                                                                                                                                                                                                      • Instruction ID: de6217dcee392e36f571729a3b3609b8e098c6f211e70df49978c5d6bf744bb0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 990299021235a1074c5ac790df30d5199ee65cf0a1ac59552841f35378b40761
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E51403AF0960AA1FB5C5B659964A7D63D4AF45B90F0445B0CD3D427ECDF3DE4458380
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Object_ThreadU_object@@$Arg_Array@@DeallocErr_FreeFromParseRestoreSaveStringTaskTupleTuple_freememset
                                                                                                                                                                                                                                                      • String ID: O:ReadPropertyNames$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3431620335-2841226944
                                                                                                                                                                                                                                                      • Opcode ID: 263433a91e714c7f2e5b72a0961d4416ddcbff711c9cf93c7fde31f998eee1d9
                                                                                                                                                                                                                                                      • Instruction ID: 80cf3faface6f284f0757ba488b373452608840357284965dce3fc650606e959
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 263433a91e714c7f2e5b72a0961d4416ddcbff711c9cf93c7fde31f998eee1d9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F41C239B09B5683EB18DB51A4A487DA3A4FF84B90F088175DAAE977DCDE3CE440C700
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Tuple_$Dealloc$Item$Size$BuildCallClearDict_Err_ObjectObject_Value
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2238649293-0
                                                                                                                                                                                                                                                      • Opcode ID: 3463e2389ca444ec9eea0cb308954b7610305a20900ad4ee90f697cb1a6222e6
                                                                                                                                                                                                                                                      • Instruction ID: 4a6bf13ae12fc2b67f5eae9896f1393e139348aa2f4b8647020c6e4971699f69
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3463e2389ca444ec9eea0cb308954b7610305a20900ad4ee90f697cb1a6222e6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9919E3AB08B42A2EB189F11E964ABD63A5FF84BC4F448575D9AE477D8DE3CE445C300
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$ErrorEval_InfoState_Thread$CreateEnsureInstanceObject_ReleaseRestoreSave
                                                                                                                                                                                                                                                      • String ID: Clone$Could not convert the result from Next()/Clone() into the required COM interface
                                                                                                                                                                                                                                                      • API String ID: 333656411-380556627
                                                                                                                                                                                                                                                      • Opcode ID: bec8c6c09c14300203f78fc9a07c0d696ba39e6edcfa94b1089576b44c30f484
                                                                                                                                                                                                                                                      • Instruction ID: a5b2f9f1e6ba18a1b369df04252394884f1f8ce93c587958a3b4d8f31c5f6a05
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bec8c6c09c14300203f78fc9a07c0d696ba39e6edcfa94b1089576b44c30f484
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57414F3AB08A47D2EB089F65D86497D63A0FB84B95F544472DE1E836ADDE3DD409C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FromRestoreSave$Capsule_D@@@DeallocDict_Err_ItemObject_OccurredStringU_object@@Validprintf
                                                                                                                                                                                                                                                      • String ID: Couldn't find IID %S$win32com universal gateway
                                                                                                                                                                                                                                                      • API String ID: 2453481656-3289595554
                                                                                                                                                                                                                                                      • Opcode ID: 9d8deed0fb5ea0b3e7bf8d56ef260fc229cd7a1677dd9b5aceb49f82988de3cb
                                                                                                                                                                                                                                                      • Instruction ID: b0e2098ce0bfd2aa632150c583ce79e2bf87615c52cdc3267417779bd6eb591d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d8deed0fb5ea0b3e7bf8d56ef260fc229cd7a1677dd9b5aceb49f82988de3cb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1418069B09B4695FB289B12A864BBE63A0FF48B84F044474DE6E877DDDE3CE0418740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$Arg_CallDeallocEnsureMethodObject_ParseReleaseTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$_GetTypeInfo_
                                                                                                                                                                                                                                                      • API String ID: 976812914-3895212227
                                                                                                                                                                                                                                                      • Opcode ID: 6413ec627b45b174a35b0bdf3f99d74d7e02868e175a471f1b3b1c92cc061770
                                                                                                                                                                                                                                                      • Instruction ID: 1c3335cd1ec0e2f9882fd402c93fe157311986a619ab9e3ff273c93a9622109f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6413ec627b45b174a35b0bdf3f99d74d7e02868e175a471f1b3b1c92cc061770
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D414C26B08A4292FB199B25E860E7963E0FF40B90F4550B2DA6D476E8DF3CE485C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arg_Err_Eval_ParseStringThreadTuple$DeallocReferenceRestoreSavemalloc
                                                                                                                                                                                                                                                      • String ID: HOiii:FORMATETC$O:GetDataHere$The Python object is invalid$td must be None
                                                                                                                                                                                                                                                      • API String ID: 2083180792-977131618
                                                                                                                                                                                                                                                      • Opcode ID: d1f78f3ad9244298d32882caeecb9d2c6b4f8b10e5308e57f42f1c9a01f4732a
                                                                                                                                                                                                                                                      • Instruction ID: b3cffe56c8a981ab9e6c18b40c3167dd0cec381e81875ebb51a8cdf6badaced0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1f78f3ad9244298d32882caeecb9d2c6b4f8b10e5308e57f42f1c9a01f4732a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB413F36B08B8291EB54CB55F4546AE73E0FB84B84F944172DAAD43BA8EF3CE585C740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyErr_SetString.PYTHON313 ref: 00007FFDFAC05BBD
                                                                                                                                                                                                                                                      • PyArg_ParseTuple.PYTHON313 ref: 00007FFDFAC05BF2
                                                                                                                                                                                                                                                      • ?PyWinObject_AsDWORDArray@@YAHPEAU_object@@PEAPEAKPEAKH@Z.PYWINTYPES313 ref: 00007FFDFAC05C22
                                                                                                                                                                                                                                                      • ?PyWinObject_AsWCHARArray@@YAHPEAU_object@@PEAPEAPEA_WPEAKH@Z.PYWINTYPES313 ref: 00007FFDFAC05C3E
                                                                                                                                                                                                                                                      • PyErr_SetString.PYTHON313 ref: 00007FFDFAC05C67
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFAC05C79
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFAC05C9F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDFAC05CE7
                                                                                                                                                                                                                                                      • ?PyWinObject_FreeWCHARArray@@YAXPEAPEA_WK@Z.PYWINTYPES313 ref: 00007FFDFAC05CF6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Object_RestoreSave$Array@@Err_U_object@@$DeallocString$Arg_BuildErrorFreeFromInfoObjectParseTupleValuefree
                                                                                                                                                                                                                                                      • String ID: OO:WritePropertyNames$Property names must be a sequence the same size as property ids$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 1119876306-2196422330
                                                                                                                                                                                                                                                      • Opcode ID: 33265b365198fb450d7f49ccfd9e6a30e0b51f29887dad866814347ad1808e31
                                                                                                                                                                                                                                                      • Instruction ID: 14fd5b3bb08533cbd464d244551fe556feca6866fd44b1fb9a662c8c23db517c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33265b365198fb450d7f49ccfd9e6a30e0b51f29887dad866814347ad1808e31
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3413039B08B5686FB149F15E46097D63B4FB88B80F588072DA5D876ACDF3CE445CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
Similarity
• API ID: DeallocFromObject_U_object@@$E@@@$D@@@$BuildValue
• String ID: OOiOOO
• API String ID: 264182150-956672829
• Opcode ID: 58f1add5ca0725387a7286ec870eec7b499544ffa67c58a8ceaa26ed65058350
• Instruction ID: 63fdd0e71d328df903a59150b49d9a44843d978c9a95206ed90ad2d7fef550ce
• Opcode Fuzzy Hash: 58f1add5ca0725387a7286ec870eec7b499544ffa67c58a8ceaa26ed65058350
• Instruction Fuzzy Hash: 65414936B09A0286EB5A9F21A478E7873A0FB45B84F4954B5CA6D43BE8DF3CE051C700
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
Similarity
• API ID: Object_U_object@@$Check@@E@@@Time_U_object@@@$Arg_D@@@Err_ParseR@@@StringTuple
• String ID: The time entries in a STATSTG tuple must be PyDateTime objects$ziOOOOiiOii
• API String ID: 75234034-3621292200
• Opcode ID: 962d1e5a9d51b565be96d9149d6b22caff4fadba4044cd296bd95abef1fb7871
• Instruction ID: 4e8af37a3b0f6f6b401a3332638e1c5cf18951fb33cdd913084f67a50f96573e
• Opcode Fuzzy Hash: 962d1e5a9d51b565be96d9149d6b22caff4fadba4044cd296bd95abef1fb7871
• Instruction Fuzzy Hash: EF413076708F8295EB648F21E4A0BAA73B4FB84B80F449075DA9D836ACDF3CD559C700
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
Similarity
• API ID: Object_U_object@@$E@@@$Eval_Thread$Arg_Err_FreeMem_ParseRestoreSaveStringTuple
• String ID: OOOO:SetElementTimes$The Python object is invalid
• API String ID: 241530360-3632606313
• Opcode ID: e45c3194c55181bce4ada4a275550d34c5edcae9b3025a4c2ba395116f200bb5
• Instruction ID: 0004093d9fea0df0bbdd31432273d046f7ce41b115eb4c71e33a79b9f4bd7b03
• Opcode Fuzzy Hash: e45c3194c55181bce4ada4a275550d34c5edcae9b3025a4c2ba395116f200bb5
• Instruction Fuzzy Hash: 2A413F2AB19A5291EB18CB15E460ABE63A0FF85B90F4840B5DE6E837ECDF3CD445C700
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
Similarity
• API ID: Eval_Thread$Arg_DeallocErr_FreeFromObject_ParseRestoreSaveStringTaskTupleTuple_U_object@@memset
• String ID: The Python object is invalid$|I:Next
• API String ID: 1381306868-958815924
• Opcode ID: 2fa85a62bcbe94d1452b09e4bea2465e5e9586dacfbcf71472eaac91e9ee1903
• Instruction ID: e31b159cf80b9e0b449704df9bc73b82dcd20ffc1eff5db0cf053c592a673daa
• Opcode Fuzzy Hash: 2fa85a62bcbe94d1452b09e4bea2465e5e9586dacfbcf71472eaac91e9ee1903
• Instruction Fuzzy Hash: EC41B239B19AC282EB0C8B95A46497DA3A1FF88B94F484179DA6D477DCDF3CE445C700
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
Similarity
• API ID: DeallocErr_OccurredState_$BuildEnsureReleaseValue
• String ID: (O)$GetDataHere$Hziii$Unexpected exception in gateway method '%hs'
• API String ID: 3545230104-215289106
• Opcode ID: b969598cbdc5abae08448a14be90388e3937f59abd74143b50cbdefcad8ee9fe
• Instruction ID: 0ca5423ef7e1ce7b1f3a01b6c58c50067f7101072db67c541619673424920f68
• Opcode Fuzzy Hash: b969598cbdc5abae08448a14be90388e3937f59abd74143b50cbdefcad8ee9fe
• Instruction Fuzzy Hash: 7541A836B1874295E7598F64E8609BD63A0FF48B84F854071EE2E476D9EF3CE544C300
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: OO:RenameElement$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 1450464846-4064606997
                                                                                                                                                                                                                                                      • Opcode ID: 6168186f1fbb40e5a6be7c14385c815ac862745ede3bd0eca3957e536cb9ca21
                                                                                                                                                                                                                                                      • Instruction ID: 8b25117b67dfd62d43bb55e902e0bddb84a715e1dd54adfa9c64993301f21292
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6168186f1fbb40e5a6be7c14385c815ac862745ede3bd0eca3957e536cb9ca21
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2410F39B08A5282FB54DB25E46097E63A1FF88FD4B485571DAAE937ACDE2CE441C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$AddressArg_BuildClearD@@@Err_FromHandleModuleObject_ParseProcTupleU_object@@Value
                                                                                                                                                                                                                                                      • String ID: CoInitializeEx$OOiO$ole32.dll
                                                                                                                                                                                                                                                      • API String ID: 3239830637-2671725199
                                                                                                                                                                                                                                                      • Opcode ID: d4806bb4be3b53c637ee2c6dad951a6d8f435bb8f24ae285639a4429b9007c09
                                                                                                                                                                                                                                                      • Instruction ID: 30ab466c6ac3f827caa4f99bad1e322f7f1faa6e7b9e275cb28eb5fd59b9ea90
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4806bb4be3b53c637ee2c6dad951a6d8f435bb8f24ae285639a4429b9007c09
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49314139B0DA4292EB089F25E864AB963E0FF49B90F4805B5D96E877DCDF3DE4458700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$ExceptionOccurredState_$Arg_EnsureFetchGivenMatchesNormalizeParseReleaseRestoreTuple
                                                                                                                                                                                                                                                      • String ID: QueryBlanket$Unexpected exception in gateway method '%hs'$kkOkkk
                                                                                                                                                                                                                                                      • API String ID: 2789434422-1352019005
                                                                                                                                                                                                                                                      • Opcode ID: 6b13fd045abd9acde16488a9ac61611e2e9d76c667b4bf175f81d201416ecd16
                                                                                                                                                                                                                                                      • Instruction ID: 8efdb4e38715647cb5208d2de123df749299cb75c895dbb7bf59f58c715d5b10
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b13fd045abd9acde16488a9ac61611e2e9d76c667b4bf175f81d201416ecd16
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4451503AB09A5286EB188F15E460B6E73B0FB85794F448171DEAD87798DF3CD405CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$String$Arg_ClearDeallocFreeKeywordsMem_ParseTupleTuple_
                                                                                                                                                                                                                                                      • String ID: STGOPTIONS must be a dictionary containing {Version:int,reserved:0,SectorSize:int,TemplateFile:unicode}$|lllU
                                                                                                                                                                                                                                                      • API String ID: 4063213528-4198855380
                                                                                                                                                                                                                                                      • Opcode ID: dddc75488027573a66ab4b753f57d27e87d30f3c202d0bc1dc4a874c046360ff
                                                                                                                                                                                                                                                      • Instruction ID: 6d6c8160d471f932589807e4e90b010e620a3067546731987d24bc47dbc0f4f1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dddc75488027573a66ab4b753f57d27e87d30f3c202d0bc1dc4a874c046360ff
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9415936708B4285EB19DF19E8A097DB3E4FB88B84F458076DAAD837A8DE3CD455C300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocatedErr_Object_State_Task$DeallocEnsureFormatFreeOccurredReleaseSequence_TupleU_object@@memset
                                                                                                                                                                                                                                                      • String ID: Next$Received %d items , but only %d items requested
                                                                                                                                                                                                                                                      • API String ID: 4242019863-38368155
                                                                                                                                                                                                                                                      • Opcode ID: 885763fc19cd07d693e57fef543984687db979c46616e017d75547e96541494a
                                                                                                                                                                                                                                                      • Instruction ID: 8e6280651631df902c351c2d30c8962ed58bf39780d77497d4d842de99f2da01
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 885763fc19cd07d693e57fef543984687db979c46616e017d75547e96541494a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4241AF7AB29B8296E7189F65E46097DA3A0FB44784F484075DE6E8B7E8DF3CE444C700
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: String$Bstr@@Eval_FreeObject_ThreadU_object@@$Arg_Err_ParseRestoreSaveTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$iOO:DefineFuncAsDllEntry
                                                                                                                                                                                                                                                      • API String ID: 1484531722-2296264261
                                                                                                                                                                                                                                                      • Opcode ID: 24cb53ed7f5384d02be4c2f221b9663f9e1c51ee7173658ed6e63ba132290a09
                                                                                                                                                                                                                                                      • Instruction ID: 3fb1824d6fb9d80436dcb9e0b2291f0a7973873a743b98c31cba6cb83019cd7f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24cb53ed7f5384d02be4c2f221b9663f9e1c51ee7173658ed6e63ba132290a09
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7313279B18A4292FB099B25E864A7E63A0FF84B90F841076DE5D477A8DF7CD845C700
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$|i:Stat
                                                                                                                                                                                                                                                      • API String ID: 1450464846-438154399
                                                                                                                                                                                                                                                      • Opcode ID: 27182215e442f91bd1e3aac620819bce5c108dfdf1a9d6090c829e0d71768f4b
                                                                                                                                                                                                                                                      • Instruction ID: 6e76622b43c0e3f9efd847a94c8f9ea4c3cee489e879eebf6da5a2c7619776c2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27182215e442f91bd1e3aac620819bce5c108dfdf1a9d6090c829e0d71768f4b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49313269B1C69281FB699B21E824B7D63A1FF44B84F4844B1D96E877DCDF2CE5048700
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • The type does not declare a PyCom constructor, xrefs: 00007FFDFAC1499F
                                                                                                                                                                                                                                                      • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFAC1498A
                                                                                                                                                                                                                                                      • There is no interface object registered that supports this IID, xrefs: 00007FFDFAC1496D
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClearErr_Object_$D@@@DeallocDict_FromItemStringSubclassU_object@@Variant
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 592232323-49823770
                                                                                                                                                                                                                                                      • Opcode ID: 24807c69ac57358af63bd308781007d789a951bedb9c11460da040fe214732d4
                                                                                                                                                                                                                                                      • Instruction ID: ced2286691dc33ff00f8d5b523c71b664e7f7ba3987718c2806ca122e348e80b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24807c69ac57358af63bd308781007d789a951bedb9c11460da040fe214732d4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E310B79B09A42A1FB59DB16E964A7C23A5BF49B84F4884B1CD6D437DCEF3CE5068300
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • The type does not declare a PyCom constructor, xrefs: 00007FFDFAC1499F
                                                                                                                                                                                                                                                      • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFAC1498A
                                                                                                                                                                                                                                                      • There is no interface object registered that supports this IID, xrefs: 00007FFDFAC1496D
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Object_$ClearD@@@DeallocDict_Err_FromItemStringSubclassU_object@@Variant
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 4055360134-49823770
                                                                                                                                                                                                                                                      • Opcode ID: dd3cbd90fd24482837ed38d7d0d8512a03e371dbbbde1d708f42175be810563a
                                                                                                                                                                                                                                                      • Instruction ID: a01ca16744d8a447e1fe742592541aadaee3930fa14b3b12ed0ba58875b81c01
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd3cbd90fd24482837ed38d7d0d8512a03e371dbbbde1d708f42175be810563a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4521F97DB08A42A1FB69DB15E964A7C23A5BF49B84F4884B1CD6D477DCEE3CE4458300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arg_FromObject_ParseTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: <Unknown Facility>$FACILITY_BACKUP$FACILITY_EDB$FACILITY_MDSI
                                                                                                                                                                                                                                                      • API String ID: 1545321530-3847080442
                                                                                                                                                                                                                                                      • Opcode ID: 048f06e120f84a255e64444fa389d0ecc3cc1d819bca89119e7a47716cb145d6
                                                                                                                                                                                                                                                      • Instruction ID: 1763b1cb3dce3fe00b58020b3bd5f6af1499b89e0f8431ea530533a78fa85073
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 048f06e120f84a255e64444fa389d0ecc3cc1d819bca89119e7a47716cb145d6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E114C79F1884291FB0C9B19DCB5AB86261FF94745FC804F5D62E816E8CE2CA59A8704
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 695671107-2445808733
                                                                                                                                                                                                                                                      • Opcode ID: fb0fbe658c8802958a6930a3b7768fa9a8fd7267b6750583ea1c1e8daffe2702
                                                                                                                                                                                                                                                      • Instruction ID: c2a5941642df8f94062bad0a6010c8590ce18815c946c9cea3752941a9b6d014
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb0fbe658c8802958a6930a3b7768fa9a8fd7267b6750583ea1c1e8daffe2702
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5551167AB09A1196E798CF2AE55057D77B0FB48B84B044076EB5D93B98DF3CE4A1CB00
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Occurred$DeallocExceptionState_$D@@@EnsureFetchFromGivenMatchesNormalizeObject_ReleaseRestoreU_object@@
                                                                                                                                                                                                                                                      • String ID: Open$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 2391609008-3017595499
                                                                                                                                                                                                                                                      • Opcode ID: f82398628ab3b14e29eb950cf320870efba784f57a9934f1e78bb9318afc7e14
                                                                                                                                                                                                                                                      • Instruction ID: 15b6092d797e9076a2a67c12705dec7b07a249579dceae842b59ece8a4f7a7a9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f82398628ab3b14e29eb950cf320870efba784f57a9934f1e78bb9318afc7e14
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD41863AB1864791FB589B25E824ABD73A1FF44B94F4880B1D96E877D9EE3CE505C300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_D@@@DeallocErr_FromObject_ParseRestoreSaveStringTupleTuple_U_object@@
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$|l:Next
                                                                                                                                                                                                                                                      • API String ID: 770659799-1850198577
                                                                                                                                                                                                                                                      • Opcode ID: 85796f223008af7dbd0982bd3f23eb1b2cb199264c397eef453f94ae485d8573
                                                                                                                                                                                                                                                      • Instruction ID: 7d711de50ee1e60b38da67f9bf74217f5bfb98c7f301d01e180c42b476ef872a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85796f223008af7dbd0982bd3f23eb1b2cb199264c397eef453f94ae485d8573
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F41B229B08A8282EB089F51A460A7D63B1FF88B94F4845B1DE6D473D8DF3CE485C300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$Arg_EnsureErr_OccurredParseRelease
                                                                                                                                                                                                                                                      • String ID: <unknown>$Clone$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 1808086756-160319612
                                                                                                                                                                                                                                                      • Opcode ID: 50137d5b2ae5c6f70d0ae6475f813d42714069487d7050b465e02c15590b5e08
                                                                                                                                                                                                                                                      • Instruction ID: ba8237beaf3330bb21b3945ccc8744882fa911827a4b447021d990d617f67fa5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50137d5b2ae5c6f70d0ae6475f813d42714069487d7050b465e02c15590b5e08
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9441C535B0864792EB189B25E8B4ABD23A0FF44B94F8440B1CE6E477DDEE2CE545C340
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_OccurredState_$Arg_DeallocEnsureParseRelease
                                                                                                                                                                                                                                                      • String ID: <unknown>$Stat$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 3280672200-2095743813
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_OccurredState_$Arg_DeallocEnsureParseRelease
                                                                                                                                                                                                                                                      • String ID: <unknown>$Stat$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 3280672200-2095743813
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Object_Sequence_String$CheckD@@@DeallocItemSizeU_object@@
                                                                                                                                                                                                                                                      • String ID: CATID is not valid$Object must be a sequence of CATIDs
                                                                                                                                                                                                                                                      • API String ID: 3435976531-1565270022
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: O:DestroyElement$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 1450464846-3564787880
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Tuple_$BuildItemValue$DeallocFromLongLong_
                                                                                                                                                                                                                                                      • String ID: (iO)$(ii)
                                                                                                                                                                                                                                                      • API String ID: 2956700472-1646815443
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Bytes_Eval_StringThread$Arg_DeallocErr_FromParseResizeRestoreSaveSizeTuple
                                                                                                                                                                                                                                                      • String ID: Kk:ReadAt$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 2020974559-1841062213
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$ExceptionOccurredState_$AllocatedArg_DeallocEnsureFetchGivenMatchesNormalizeObject_ParseReleaseRestoreTaskU_object@@
                                                                                                                                                                                                                                                      • String ID: <unknown>$GetCurFile$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 605707310-4081849276
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • The type does not declare a PyCom constructor, xrefs: 00007FFDFAC12A5E
                                                                                                                                                                                                                                                      • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFAC129B0
                                                                                                                                                                                                                                                      • There is no interface object registered that supports this IID, xrefs: 00007FFDFAC12A36
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Object_$D@@@DeallocDict_Err_FromItemStringSubclassU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 3263611697-49823770
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$Object_Tuple_$AttrCallErr_Iter_OccurredString
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1842946783-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_FreeObject_ParseRestoreSaveStringTuplefree
                                                                                                                                                                                                                                                      • String ID: O:ReadMultiple$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 2004998745-3093747771
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Bstr@@Eval_Object_Thread$Arg_ExceptionFormatFreeGivenMatchesParseRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: O|O:AddError$The Python object is invalid
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: OOl:LockRegion$The Python object is invalid
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: OOl:UnlockRegion$The Python object is invalid
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_FromParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: OO:CopyTo$The Python object is invalid
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$iO:SetVarDocString
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_StringThread$Arg_Bstr@@Err_FreeObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$iO:SetFuncDocString
                                                                                                                                                                                                                                                      • API String ID: 3407569068-4220370050
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$|i:Stat
                                                                                                                                                                                                                                                      • API String ID: 1450464846-438154399
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Eval_StringThread$Arg_FromLongLong_ParseRestoreSaveTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$ll:GetNextDispID
                                                                                                                                                                                                                                                      • API String ID: 3585401115-2683501322
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Eval_StringThread$Arg_FromLongLong_ParseRestoreSaveTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$ll:GetMemberProperties
                                                                                                                                                                                                                                                      • API String ID: 3585401115-1689953799
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_Eval_StringThread$Arg_Bstr@@FromObject_ParseRestoreSaveTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:GetMemberName
                                                                                                                                                                                                                                                      • API String ID: 1556122010-1980173406
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
Similarity
• API ID: Err_Eval_StringThread$Arg_D@@@FromObject_ParseRestoreSaveTupleU_object@@
• String ID: :GetConnectionInterface$The Python object is invalid
• API String ID: 3773594425-258588504
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
Similarity
• API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
• String ID: OOi$UnlockRegion
• API String ID: 3423895773-62055282
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
Similarity
• API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
• String ID: OOi$UnlockRegion
• API String ID: 3423895773-62055282
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
Similarity
• API ID: Err_String
• String ID: The Python object is invalid$iii:ReleaseConnection
• API String ID: 1450464846-93901103
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
Similarity
• API ID: Message$Eval_PeekThread$Arg_DispatchFromLongLong_ParseRestoreSaveTuple
• String ID: |ii:PumpWaitingMessages
• API String ID: 2978160965-283788920
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$i|i:AddConnection
                                                                                                                                                                                                                                                      • API String ID: 1450464846-2306822277
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFAC129B0
                                                                                                                                                                                                                                                      • There is no interface object registered that supports this IID, xrefs: 00007FFDFAC12A36
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$ClearD@@@DeallocDict_FromItemObject_StringU_object@@
                                                                                                                                                                                                                                                      • String ID: The Python IID map is invalid - the value is not an interface type object$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                      • API String ID: 1220624143-2203674046
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message$Eval_Thread$DispatchError@@RestoreSaveTranslateU_object@@Win_
                                                                                                                                                                                                                                                      • String ID: GetMessage
                                                                                                                                                                                                                                                      • API String ID: 3900028698-1164900787
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$CallClearDeallocEnsureErr_LongLong_MethodObject_Release
                                                                                                                                                                                                                                                      • String ID: _GetTypeInfoCount_
                                                                                                                                                                                                                                                      • API String ID: 1740581890-274466297
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FromVariant$ChangeClearDeallocDoubleErr_Float_ObjectObject_TypeU_object@@wsprintf
                                                                                                                                                                                                                                                      • String ID: Error converting floating point variant (%08lx)
                                                                                                                                                                                                                                                      • API String ID: 3578438641-723133735
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_$RestoreSave$DeallocFormat$BuildErrorFromInfoMallocMem_MemoryObjectObject_OccurredU_object@@Value
                                                                                                                                                                                                                                                      • String ID: Both or neither data and size must be given$Expecting a string of %d bytes (got %d)
                                                                                                                                                                                                                                                      • API String ID: 1015436900-2690443178
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: U_object@@$AllocatedDeallocErr_Object_Sequence_StringTaskTuple@@memset
                                                                                                                                                                                                                                                      • String ID: Sequence not of required length
                                                                                                                                                                                                                                                      • API String ID: 3802877123-3681608443
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$il:SetFuncHelpContext
                                                                                                                                                                                                                                                      • API String ID: 1450464846-1720986224
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$il:QueryContinueDrag
                                                                                                                                                                                                                                                      • API String ID: 1450464846-3400651177
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$ii:SetVersion
                                                                                                                                                                                                                                                      • API String ID: 1450464846-3629498280
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$il:AddImplType
                                                                                                                                                                                                                                                      • API String ID: 1450464846-1746923440
                                                                                                                                                                                                                                                      • Opcode ID: 47ff6f334fae4c991b868faaf62c38f4158b676c8e250733bb004cd0e98e2724
                                                                                                                                                                                                                                                      • Instruction ID: bd71ba292d4a139c50d96e9a40b07c0f49396b135b4eafe45df26b0e9afaa962
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47ff6f334fae4c991b868faaf62c38f4158b676c8e250733bb004cd0e98e2724
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A217429B1864282FB49DB59F96097D63B0FF48BC4B841071DA2D477ECDE2CE8828740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_D@@@Err_Object_ParseRestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: O:RemoveProperty$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3738645356-4087211678
                                                                                                                                                                                                                                                      • Opcode ID: 040a7eb2c656a0d0b57603d0d705fad14e6759eea0cb4f01b66a1dbc26044ed0
                                                                                                                                                                                                                                                      • Instruction ID: 598e1f747128a8c6050eba36e6d58a10611f264be87c628f9fe067ba14603a01
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 040a7eb2c656a0d0b57603d0d705fad14e6759eea0cb4f01b66a1dbc26044ed0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9216D69B08B4281FB589B15E46497D63A1FF89BC4B840072E96E477ECCE3CE805C740
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$i:SetLibFlags
                                                                                                                                                                                                                                                      • API String ID: 1450464846-2322495625
                                                                                                                                                                                                                                                      • Opcode ID: 2562f14780bbf32da11e68c6ef63daae7612092c20255e6b338b9a1dd8b12795
                                                                                                                                                                                                                                                      • Instruction ID: 18b06785044922971b8149696f3cb872f95ddb77885c33bec8f661975095d560
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2562f14780bbf32da11e68c6ef63daae7612092c20255e6b338b9a1dd8b12795
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94213569B18A4282FB499B65F56447D63A1FF44BD0B8410B1DA2D477ECDE2CE8928700
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:SetHelpContext
                                                                                                                                                                                                                                                      • API String ID: 1450464846-1782559897
                                                                                                                                                                                                                                                      • Opcode ID: e58a9f49356529bd25aea2e62e18731c3c438f87ff39f524d39a6973dbaabf0d
                                                                                                                                                                                                                                                      • Instruction ID: 6ee6c9d81ae97936638e2250c36ddf1952950b11234d86d2202ee56fc9fb77ea
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e58a9f49356529bd25aea2e62e18731c3c438f87ff39f524d39a6973dbaabf0d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28217729B0864292FB4DDB65F56487D23E1FF84BC0B8510B1D96D473ECDE2CE9828700
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:SetHelpContext
                                                                                                                                                                                                                                                      • API String ID: 1450464846-1782559897
                                                                                                                                                                                                                                                      • Opcode ID: 28423b000cb26061461662dd8e210f37a83c18f9f6274b717cb28eccea32ce0a
                                                                                                                                                                                                                                                      • Instruction ID: ddb7873a2462c91467710dfbb085c19153a4b55aec93c6d88f9444c60ebd8c54
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28423b000cb26061461662dd8e210f37a83c18f9f6274b717cb28eccea32ce0a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00213269B1864282FB499B59F96487D63E1FF48BC0B8411B1DA2D477ECDE2CE8828740
Similarity
• API ID: Err_String
• String ID: The Python object is invalid$l:DUnadvise
• API String ID: 1450464846-2503205131
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
Similarity
• API ID: Err_String
• String ID: The Python object is invalid$l:SetLcid
• API String ID: 1450464846-1975059913
Similarity
• API ID: Err_Eval_StringThread$Arg_ParseRestoreSaveTuple
• String ID: The Python object is invalid$ll:DeleteMemberByDispID
• API String ID: 4015722556-3292498650
Similarity
• API ID: Err_String
• String ID: :SaveAllChanges$The Python object is invalid
• API String ID: 1450464846-2045194468
Similarity
• API ID: Err_String
• String ID: :SaveAllChanges$The Python object is invalid
• API String ID: 1450464846-2045194468
Similarity
• API ID: Err_String
• String ID: :LayOut$The Python object is invalid
• API String ID: 1450464846-1669767414
                                                                                                                                                                                                                                                      • Opcode ID: 1cabf6cc8e177c342894fe3dbd1f90d52ecd11badc6c63bd7b3fb77f68ceb350
                                                                                                                                                                                                                                                      • Instruction ID: 663c8b448bdfa1731762c10cc9643a3a0b44bebbf2dea3ff378607ee41c00761
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1cabf6cc8e177c342894fe3dbd1f90d52ecd11badc6c63bd7b3fb77f68ceb350
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79214F29B18A4292FB499B59F9A497D23E1EF48BD0F4450B1DD2D473E8DE6CE8828340
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                                                                      • String ID: :Revert$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 1450464846-2634774199
                                                                                                                                                                                                                                                      • Opcode ID: f5d05b6c290b3732a8527d81052abd3ba78f4d97d504381f6430834c2dd880a3
                                                                                                                                                                                                                                                      • Instruction ID: 99db6ff67ed017ecdfd2b37d2077f1199f1c917d72ee4745e0d5dc71ebc84b61
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5d05b6c290b3732a8527d81052abd3ba78f4d97d504381f6430834c2dd880a3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2217429F1864282FB499B69F56447D23E0FF48BC0B4454B1D92D873E8DE2CE4828700
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$DeallocEnsureErr_Object_OccurredReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: GetWindow$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 1861843309-1335995098
                                                                                                                                                                                                                                                      • Opcode ID: c95822b979ef2b8b8f56e3efc7faf64bd560c7fe4571ac7c9b6c5b8aacf3ac3f
                                                                                                                                                                                                                                                      • Instruction ID: 7be74cdbe676f5dc92dbad819d3ba78d72e65dd253d12e0e91fe15e6ae6686b0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c95822b979ef2b8b8f56e3efc7faf64bd560c7fe4571ac7c9b6c5b8aacf3ac3f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8221B636B08B4281FB189F75F864ABD63A0FF48B89F844071DA6E87699DE3CD549C340
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_Object_ParseR@@@RestoreSaveStringTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: O:SetSize$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 2962986857-3826471295
                                                                                                                                                                                                                                                      • Opcode ID: f24c684d653e7bd5ac2d89a7f3cb6726f8b0b8fb67570b73b1c91a7a256a9fc4
                                                                                                                                                                                                                                                      • Instruction ID: aaade483b488121e9efba88f5991c0b09c637be342160e6c64b0ab76ae1cea65
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f24c684d653e7bd5ac2d89a7f3cb6726f8b0b8fb67570b73b1c91a7a256a9fc4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3213279B18A8281EB489B59F46487DA3A1FF45BC4B8810B1DA6D477ECDE2CE485C740
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$D@@@DeallocEnsureErr_FromObject_OccurredReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: Delete$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 3892225778-2611616488
                                                                                                                                                                                                                                                      • Opcode ID: 86d8d63662c665d91168bec63aac9c1226e2988ef76702e57dfe38975bab606a
                                                                                                                                                                                                                                                      • Instruction ID: bbbd5206f1f4e07fc0a53c87cc8fab4714b6b2d4b501245611d68311ee280418
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86d8d63662c665d91168bec63aac9c1226e2988ef76702e57dfe38975bab606a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8217139B18B5282EB189B25E824A7D63A1FF48B80F494175DA6E8779CDF3CE445C700
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Capsule_MemoryPointerStringmalloc
                                                                                                                                                                                                                                                      • String ID: GJS $argument does not contain a vtable$win32com universal gateway
                                                                                                                                                                                                                                                      • API String ID: 1948829242-3190988141
                                                                                                                                                                                                                                                      • Opcode ID: 5d8f506d253d88b1354be9a8c3cabf78afe8173118980951495108892916f82b
                                                                                                                                                                                                                                                      • Instruction ID: 9c3c1e95958d2f4f0e90a80fd77ce97361c931371f0fd95f8cf7179317c84842
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d8f506d253d88b1354be9a8c3cabf78afe8173118980951495108892916f82b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE21373A708B4196EB588F26E46452D73E0FB48B84B484471DA5E87799DF3CD495CB40
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocFromObject_State_U_object@@$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: RenameElement
                                                                                                                                                                                                                                                      • API String ID: 3506329694-3429006631
                                                                                                                                                                                                                                                      • Opcode ID: 996c237859acac2b390b895f099ea73494587c58e18faef19165bf1d7d241df1
                                                                                                                                                                                                                                                      • Instruction ID: 1ea266912cf1271e85284b667ef1d17493bbf4ba247f98367316f5483c0488a4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 996c237859acac2b390b895f099ea73494587c58e18faef19165bf1d7d241df1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66211F3AB18B9296EB189F21E82466DB3A4FF44B94F484071DF9D87B98DF3CD1458700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_FromLongLong_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: :Hash$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 4099731610-1047631551
                                                                                                                                                                                                                                                      • Opcode ID: 7fc268762b0f37317556f08693ca6fbf113839739d5558dc5ea0582fdaea5724
                                                                                                                                                                                                                                                      • Instruction ID: d656e1aa9038c2bb1ccea84d4f75832e3a8acc5825149ed41d3fe91e6a4a3aba
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fc268762b0f37317556f08693ca6fbf113839739d5558dc5ea0582fdaea5724
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45118429B18A8282EB099B65F96483D63B1FF44BD0B4850B2DE2D477ECDF2CE4858700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_FromLongLong_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: :IsSystemMoniker$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 4099731610-130377936
                                                                                                                                                                                                                                                      • Opcode ID: 4ec0e98927860b8fe2326392b6df68b3b808bd3d326975dc59c14b581ae27793
                                                                                                                                                                                                                                                      • Instruction ID: 77dc8ab942e41bb9e9bcf144428ed577e8e1c9ef9dc6813276613edf411b1b70
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ec0e98927860b8fe2326392b6df68b3b808bd3d326975dc59c14b581ae27793
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19118429B18A8282EB499B65F96457D63A1FF44BD0F4850B2DE6E477DCDF2CE4818700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Sequence_$CheckDeallocErr_ItemSizeString
                                                                                                                                                                                                                                                      • String ID: ELEMDESCArray must be a sequence of ELEMDESCs
                                                                                                                                                                                                                                                      • API String ID: 448258277-796609628
                                                                                                                                                                                                                                                      • Opcode ID: dc1cd77a3c7006cc522d2ce48a13b70fc3d1a93e41a3ec30296a1c4a113b6d4b
                                                                                                                                                                                                                                                      • Instruction ID: a8fd1b4079998e983fa619d1ab21ab24306a008b494280342ce089f9dfdf03a6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc1cd77a3c7006cc522d2ce48a13b70fc3d1a93e41a3ec30296a1c4a113b6d4b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6216D2AB08A5296EB19DB26A82453E63E0FF45FD0F054475EE5C47B98EF3CE482C344
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyGILState_Ensure.PYTHON313 ref: 00007FFDFABE591C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC5088
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC5097
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC50A6
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: Py_BuildValue.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC50D2
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC50F0
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC5109
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC5030: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFABC4EF2), ref: 00007FFDFABC5122
                                                                                                                                                                                                                                                      • ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABE5958
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313 ref: 00007FFDFABE599B
                                                                                                                                                                                                                                                      • _Py_Dealloc.PYTHON313 ref: 00007FFDFABE59B4
                                                                                                                                                                                                                                                      • PyGILState_Release.PYTHON313 ref: 00007FFDFABE59BD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4250: PyErr_Occurred.PYTHON313 ref: 00007FFDFABC4259
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$FromObject_U_object@@$Bstr@@$State_$BuildEnsureErr_OccurredReleaseValue
                                                                                                                                                                                                                                                      • String ID: AddError
                                                                                                                                                                                                                                                      • API String ID: 2964434163-917986504
                                                                                                                                                                                                                                                      • Opcode ID: 8b5dc527ab8124f90fc987dab780a379741419373e6626fbcb4da0952e927563
                                                                                                                                                                                                                                                      • Instruction ID: ece518baa64c18ebfb5d89f5efb15d0f08557e27a0c0176cee9c1a7c7777bd49
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b5dc527ab8124f90fc987dab780a379741419373e6626fbcb4da0952e927563
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9131523AB1DA4282FB589B11E474ABDA3A4FF45BA4F444171DEAD47798EF3CE8418700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$Err_FromObject_State_U_object@@$EnsureObjectOccurredRelease
                                                                                                                                                                                                                                                      • String ID: Write
                                                                                                                                                                                                                                                      • API String ID: 2919161206-3165279579
                                                                                                                                                                                                                                                      • Opcode ID: 264a9844286a64c2dbd1b03adfa15f4ea4b779d7635e9e123e7830a94e63efae
                                                                                                                                                                                                                                                      • Instruction ID: 456c4b5c2def8bee625386b1b3504d6814b23c2779e95df6c5043d7f313410ec
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 264a9844286a64c2dbd1b03adfa15f4ea4b779d7635e9e123e7830a94e63efae
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5314F26B19A4282EB189B21E474A7D73A0FF45B94F484471EE6E4779CEF3CE8058740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyArg_ParseTuple.PYTHON313 ref: 00007FFDFAC10BE3
                                                                                                                                                                                                                                                      • ?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z.PYWINTYPES313 ref: 00007FFDFAC10BFB
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFAC10C16
                                                                                                                                                                                                                                                      • UnRegisterTypeLib.OLEAUT32 ref: 00007FFDFAC10C3C
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFAC10C47
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocObject_U_object@@$Arg_BuildD@@@Err_ErrorFromInfoObjectParseRegisterTupleTypeValue
                                                                                                                                                                                                                                                      • String ID: Oii|ii
                                                                                                                                                                                                                                                      • API String ID: 562348256-1081748617
                                                                                                                                                                                                                                                      • Opcode ID: cdbcce718672a0ab732ea31a64a8aecc2985992c5ead62a3c583af3ff4cb2ded
                                                                                                                                                                                                                                                      • Instruction ID: c39297e673723b142e6061b7d6cd189664915276d3a35ae7b9be2ed4a385e779
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdbcce718672a0ab732ea31a64a8aecc2985992c5ead62a3c583af3ff4cb2ded
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7031413AB08A4295EB14CF15E4645BE73B1FB88B80F550176DAAD83798DF3DD406CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: O:UnRegisterCategories$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3004187977-806227366
                                                                                                                                                                                                                                                      • Opcode ID: 0aa1e33396c3abe562577b2a52788534e192636c5bf782ca5c7290cb517dc445
                                                                                                                                                                                                                                                      • Instruction ID: de46cd03da4a17907b65663071f4d4f5bf75e62d4d4e23b413753a9c2f372fe9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0aa1e33396c3abe562577b2a52788534e192636c5bf782ca5c7290cb517dc445
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B215129B1CA5282EB18AF55E8605BDA3A0FF85B90F444072DE6D477EDCE2CE846C740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyErr_SetString.PYTHON313 ref: 00007FFDFAC0EB3E
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFAC0EB56
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFAC0EB75
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFAC0EBAD
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFAC0EBCB
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocErr_$BuildErrorFromInfoObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3213920475-2445808733
                                                                                                                                                                                                                                                      • Opcode ID: d0552a86027765dd99ebaaa5794eaa78f988985c2e0317647f4bda92920a4f84
                                                                                                                                                                                                                                                      • Instruction ID: 6cffbc01c98e5ec7c7adc6e705fff41bc0ccf4efb73ffec6b082ff70e9fe796a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0552a86027765dd99ebaaa5794eaa78f988985c2e0317647f4bda92920a4f84
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7217429B19A6182EB49DB16F45457E63B0FF88FD0B485072DE6E5779CCE3CD4428300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$DeallocEnsureErr_FromLongLong_OccurredReleaseTuple_Unsigned
                                                                                                                                                                                                                                                      • String ID: DeleteMultiple$Unexpected exception in gateway method '%hs'
                                                                                                                                                                                                                                                      • API String ID: 667690297-3044724248
                                                                                                                                                                                                                                                      • Opcode ID: dd87a41a8988dc3a1e173c03328119fded4540e4534685f9a4a472afc8debd36
                                                                                                                                                                                                                                                      • Instruction ID: 972f5b980a28cb28e6647de6ebee69729f86d3b970567eb32ac0356ac2c73176
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd87a41a8988dc3a1e173c03328119fded4540e4534685f9a4a472afc8debd36
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5218639B1865292FB189F25E824ABD63B1FF48B84F484171DA6D877DDEE3CE4058300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Bstr@@Object_$Arg_Err_FreeParseStringTupleU_object@@
                                                                                                                                                                                                                                                      • String ID: O|i:Bind$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3061223275-2584696442
                                                                                                                                                                                                                                                      • Opcode ID: 0d960c27681c90812c89b8f24a092050a8bec021980732a51c3a71dcb4ad7379
                                                                                                                                                                                                                                                      • Instruction ID: dc4e4477ac7cc8e6334f0596c30c50ce70eed2846ebba65762264e1e68e24c19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d960c27681c90812c89b8f24a092050a8bec021980732a51c3a71dcb4ad7379
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2217F29B1874292EB18CB56E46096EA3A0FF88BD0B490476EE6D47BDCDF7CD445C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$ClearDeallocEnsureErr_Object_R@@@ReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: GetSizeMax
                                                                                                                                                                                                                                                      • API String ID: 1322101601-2032451762
                                                                                                                                                                                                                                                      • Opcode ID: c2f3a04b8098f13dc8d09efc9a1f1450f9ebef33c473d39311d4dd7ebd679e11
                                                                                                                                                                                                                                                      • Instruction ID: 0633197d4c3d28c75facaec579dcaf729a02f49e255112e97a46286fbf6ec076
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2f3a04b8098f13dc8d09efc9a1f1450f9ebef33c473d39311d4dd7ebd679e11
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B021B33AB08B4682EB149B25E86467D63E1FF88BD4F444071DE5D8779CDE3CD8058700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$|l:Commit
                                                                                                                                                                                                                                                      • API String ID: 3004187977-2642149698
                                                                                                                                                                                                                                                      • Opcode ID: 39762e166c048825f1dc82f24496fd5b80e8c834e2555f4f23b50b578e639065
                                                                                                                                                                                                                                                      • Instruction ID: ad7363ec4f7411e1173f8202b438169291360e916dd504494e7e6ab78aae5e8b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39762e166c048825f1dc82f24496fd5b80e8c834e2555f4f23b50b578e639065
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34217C39B18A5282EB099B16F56497D63B1FF48BD0F4850B2DA6E437ECDF2CE4818740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                                      • API String ID: 3004187977-1306879369
                                                                                                                                                                                                                                                      • Opcode ID: 0c5e10abf1e52133ccacacc21f7957437f35a3c10a868ab7f8285d1eee5ffa9a
                                                                                                                                                                                                                                                      • Instruction ID: 7c46e74f2be3a58a0394e3fada7e6eb12aefcd52dbce1160b07cfed37caf64d9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c5e10abf1e52133ccacacc21f7957437f35a3c10a868ab7f8285d1eee5ffa9a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53215E39B18A8282EB099B59F56487D63A1FF48BD0B8850B2DE6D4379CDE3CE8518700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: :Revert$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3004187977-2634774199
                                                                                                                                                                                                                                                      • Opcode ID: c8b6b02d35ee5d8b0445a639188fa3150b8f47c4fd2a52f6de6e58c157758a0d
                                                                                                                                                                                                                                                      • Instruction ID: 7b54335891a69044752263e741bd729fa1f67193305b4f0ef70ecedee55a0248
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8b6b02d35ee5d8b0445a639188fa3150b8f47c4fd2a52f6de6e58c157758a0d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19118E29B1CA5282FB099B59F96497D63B1EF48BD0B4850B1DD2E937ECCE2CE4818740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$k:Skip
                                                                                                                                                                                                                                                      • API String ID: 3004187977-1356879153
                                                                                                                                                                                                                                                      • Opcode ID: eb39dc8b6ecc3ff0706ae8988a9db6ecb0d5beceb7090706d5e28579cbf7df6b
                                                                                                                                                                                                                                                      • Instruction ID: cc3d89cacbeedf88b495efe22f7126289e30ba2e54dfd0b31424fb208fea5bef
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb39dc8b6ecc3ff0706ae8988a9db6ecb0d5beceb7090706d5e28579cbf7df6b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3116029B1864282EB0D9B55F56487D23A2FF88BD0B8850B5CA2D437DCDE3CE4458700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                                      • API String ID: 3004187977-1306879369
                                                                                                                                                                                                                                                      • Opcode ID: a0fe4324aeacb3d0180abc750c819c71f18971bff622495e98722b2e356bbec0
                                                                                                                                                                                                                                                      • Instruction ID: 4ea3b2a13392898136f96e290cb164be3fc530c371e6fa17bf2088cc8a87dbf4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0fe4324aeacb3d0180abc750c819c71f18971bff622495e98722b2e356bbec0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84112C69B0864292EB0DDB56F56487D63A1FF89BD0B8950B2DA2D437DCDE3CE4458600
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                                      • API String ID: 3004187977-1306879369
                                                                                                                                                                                                                                                      • Opcode ID: 66129de6f6d0f6075f6df05228a047bda696570b23f4c61d4cb528d562b9f861
                                                                                                                                                                                                                                                      • Instruction ID: 3738de2225c5e7586e257d4e62f9239162156ca7f395768e81bc0afad7c170cb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66129de6f6d0f6075f6df05228a047bda696570b23f4c61d4cb528d562b9f861
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2115E39B0864282EB0DDB59F56497D63A1FF89BD0B8940B6C92D437DCDE3CE4418240
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: :Reset$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3004187977-3082310266
                                                                                                                                                                                                                                                      • Opcode ID: 83612420d81f6b9468827b63cfaf3c87c6a7196c45f7b094c872b5dfa0ad7630
                                                                                                                                                                                                                                                      • Instruction ID: 6e470101768ed981b1575aab211c2d2559df021e9c9c2bf9dd4e2f3bdee09004
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83612420d81f6b9468827b63cfaf3c87c6a7196c45f7b094c872b5dfa0ad7630
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D113369B18A4282FB0D9B5AE97497D23E1FF48BD0B895075C92D477DCDE3CE4918300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: :Reset$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3004187977-3082310266
                                                                                                                                                                                                                                                      • Opcode ID: 68f18b20b2b54fc4fb8e78159d94e5efd9ca99723c8a9c9add4e4e7cee4777a4
                                                                                                                                                                                                                                                      • Instruction ID: 647bb05b5b73edb1b616c0be7115e0452f404c16a83d570ad7fe9ecec58fadb3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68f18b20b2b54fc4fb8e78159d94e5efd9ca99723c8a9c9add4e4e7cee4777a4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4113369F08A4281FB0D9B9AE96497D23E1FF48BD0B4950B5C92D477ECDE3CE4919300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveStringTuple
                                                                                                                                                                                                                                                      • String ID: :IsDirty$The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 3004187977-2698278726
                                                                                                                                                                                                                                                      • Opcode ID: c8dcd4893b064f1eeebea729bae00eafd4a3d2d17882c28638f29c3709215d85
                                                                                                                                                                                                                                                      • Instruction ID: 382b49eceacdc1ef68f341adace7ae6f1c0f42d7bb9619c567d07c249a646473
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8dcd4893b064f1eeebea729bae00eafd4a3d2d17882c28638f29c3709215d85
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D115429F1CA5182EB099B25A96447DA3A1EF44FD0B085072DD2E877DCDF2CE4918300
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$ExceptionRestore$FetchGivenMatchesNormalize
                                                                                                                                                                                                                                                      • String ID: error
                                                                                                                                                                                                                                                      • API String ID: 3047404446-1574812785
                                                                                                                                                                                                                                                      • Opcode ID: 78656cf6149c794b2f350da287e35863a10b2bf4f8e639e9a702d90701bcd437
                                                                                                                                                                                                                                                      • Instruction ID: ee72ef8d7d306378ccc357f56ab0b8e5ee390fff6a24d6dd10bb0809bbe15182
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78656cf6149c794b2f350da287e35863a10b2bf4f8e639e9a702d90701bcd437
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6216DBA718B4291EB14CF11E4588AE73A4FB88BD4F444172DAAD43768DF3CD654CB50
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Tuple_$Item$FromLongLong_Reference
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4085848814-0
                                                                                                                                                                                                                                                      • Opcode ID: 83c834f8f0d030ea6a3659a01812351e35f06034e60eb05c416c313f162fac9a
                                                                                                                                                                                                                                                      • Instruction ID: caf3b28424882d52e18535d7e71dcec01869d5e2ed1da75cad0fce8c2e0bc31b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83c834f8f0d030ea6a3659a01812351e35f06034e60eb05c416c313f162fac9a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3317A7AB047118AE354CF26E89496D77E8FB4CB94B054575EE5D83B48DF38D482C740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • Internal error - unexpected argument - only simple VARIANTTYPE expected, xrefs: 00007FFDFAC15C42
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArraySafe$BoundDeallocErr_FromObjectObject_U_object@@
                                                                                                                                                                                                                                                      • String ID: Internal error - unexpected argument - only simple VARIANTTYPE expected
                                                                                                                                                                                                                                                      • API String ID: 1195713461-2832032402
                                                                                                                                                                                                                                                      • Opcode ID: 6e16048078d03c25611247b060805e42c51dce872a3323787c3289adf07e5480
                                                                                                                                                                                                                                                      • Instruction ID: b3e728e8d50135f3ef4d7c4af599034d8b3023f2068167539e3f74164ebf85e0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e16048078d03c25611247b060805e42c51dce872a3323787c3289adf07e5480
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64115729B09A0595EB549B26F82067D63A4FF8DBE0F080174DE6D877E9DF3CD4418700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: DeallocErr_Object_$ArrayFromObjectSafeU_object@@$BufferDataView@@$AccessClearElementItemSequence_SizeStringU_object@@_UnaccessVariantmemcpy
                                                                                                                                                                                                                                                      • String ID: All dimensions must be a sequence of the same size
                                                                                                                                                                                                                                                      • API String ID: 2035938186-2458871060
                                                                                                                                                                                                                                                      • Opcode ID: 188d27091ff1154461be9ac25fcbaec1412ed2373bbb28757b84dee600d62ba4
                                                                                                                                                                                                                                                      • Instruction ID: 8e35099e8a3d26d07d0971ef104048bd27b4948c769b233a7e08e6cbde024a37
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 188d27091ff1154461be9ac25fcbaec1412ed2373bbb28757b84dee600d62ba4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD118F76B05A42E5E7198F26E824BAD77A0FB48B98F044471DE2D86798DE3CE482C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PyErr_SetString.PYTHON313 ref: 00007FFDFAC0FEEE
                                                                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON313 ref: 00007FFDFAC0FF06
                                                                                                                                                                                                                                                      • PyEval_RestoreThread.PYTHON313 ref: 00007FFDFAC0FF25
                                                                                                                                                                                                                                                      • PyLong_FromLong.PYTHON313 ref: 00007FFDFAC0FF54
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4CFC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D3F
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D49
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFDFABC4D59
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D64
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFDFABC4D85
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFDFABC4D9C
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFDFABC4DBC
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: Py_BuildValue.PYTHON313 ref: 00007FFDFABC4DDD
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4DF4
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFDFABC4E07
                                                                                                                                                                                                                                                        • Part of subcall function 00007FFDFABC4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFDFABC4E20
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$RestoreSave$DeallocErr_From$BuildErrorInfoLongLong_ObjectObject_StringU_object@@Value
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 4146544723-2445808733
                                                                                                                                                                                                                                                      • Opcode ID: 9f4997666fbcdce15a9e5b79a0c0e1365b64e8e7288a22ea9514dc5812a2b943
                                                                                                                                                                                                                                                      • Instruction ID: 406c2c72eb5edd3108412378a416e9621c434580296f631b6fdafd0831069369
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f4997666fbcdce15a9e5b79a0c0e1365b64e8e7288a22ea9514dc5812a2b943
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4116369B18A9282EB09CB15F56446D63B1FF88BD4B4950B2DE2E5779CCE3CE881C740
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$D@@@DeallocEnsureObject_ReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: GetConnectionInterface
                                                                                                                                                                                                                                                      • API String ID: 1645649514-2932743419
                                                                                                                                                                                                                                                      • Opcode ID: 3caffe5dda24372f0857224b57dbe1ca049435263498db17f41f8238655d8b32
                                                                                                                                                                                                                                                      • Instruction ID: 065519785892502074c93ccb1c8f951f3e70dfaf51a91b8c300ddb01e42dff8e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3caffe5dda24372f0857224b57dbe1ca049435263498db17f41f8238655d8b32
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2115135F18A4391FB588B25E8A4A7D63E0FF88F84F4440B1DA5E8769CDE2DD8458381
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$ActiveArg_ObjectParseRestoreRevokeSaveTuple
                                                                                                                                                                                                                                                      • String ID: l:RevokeActiveObject
                                                                                                                                                                                                                                                      • API String ID: 2010330885-656249077
                                                                                                                                                                                                                                                      • Opcode ID: 34b4421c3d6b4205db5e74b35b6e2d79deea5f250a84893d64cea8c58abbd185
                                                                                                                                                                                                                                                      • Instruction ID: eda9b3ebf87cfb1ed9f638299346d12d5aae2ad680fe33b2f00daa6cf3916fcc
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34b4421c3d6b4205db5e74b35b6e2d79deea5f250a84893d64cea8c58abbd185
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA011E79B18A4292E71C9B16E864A7E63F1FBC9784F880175DA5D83798DF3CD505C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$DeallocEnsureLongLong_Release
                                                                                                                                                                                                                                                      • String ID: GiveFeedback
                                                                                                                                                                                                                                                      • API String ID: 1519730240-3077175550
                                                                                                                                                                                                                                                      • Opcode ID: 3275b49b59b62248def1a8c46e5cc2b6caaf26893a42bd62287c9d9b9de76238
                                                                                                                                                                                                                                                      • Instruction ID: e0f8b566bd7c9f77e3f6b5add6642b722065c68c9c6cd5d98ae0dc95852c3273
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3275b49b59b62248def1a8c46e5cc2b6caaf26893a42bd62287c9d9b9de76238
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3112A7AB18B5282E7098F69E4546AE73B0FB89B84F484471EE5D83798DF3CD445CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$DeallocEnsureFromObject_ReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: Save
                                                                                                                                                                                                                                                      • API String ID: 4093839183-4115961312
                                                                                                                                                                                                                                                      • Opcode ID: 43e45fba48872af5e67a5766f29a849487808eed1c76cc8242a707e3c13e092d
                                                                                                                                                                                                                                                      • Instruction ID: 21978fba7defc7ad55771266a90de64dd603732363d077810813ecb4227c2237
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43e45fba48872af5e67a5766f29a849487808eed1c76cc8242a707e3c13e092d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0801393AB18B5282EB048F22E91466DB3A0FB49BA0F494071DE5D83B98DE3CD4548B40
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$DeallocEnsureFromObject_ReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: Load
                                                                                                                                                                                                                                                      • API String ID: 4093839183-2234796835
                                                                                                                                                                                                                                                      • Opcode ID: cd04774691088bb2c5a989e58d7f9fd3e7a29c4cb896ae34f0d85d1fa2dc603c
                                                                                                                                                                                                                                                      • Instruction ID: b49599fb9f30c3732a8c79433308e93a00566d92592a4828868f77a138b44fa1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd04774691088bb2c5a989e58d7f9fd3e7a29c4cb896ae34f0d85d1fa2dc603c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A011B3AB08B5692EB149F26E8146ADB3B0FB89B90F4A4071DE5D83B9DDF3CD5548700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Arg_InitializeParseRestoreSaveTuple
                                                                                                                                                                                                                                                      • String ID: :OleInitialize
                                                                                                                                                                                                                                                      • API String ID: 940585508-1252408737
                                                                                                                                                                                                                                                      • Opcode ID: 616f53c1c1a5ee29d2add520433ecf284c314cd881e812c70a75b3f273b81255
                                                                                                                                                                                                                                                      • Instruction ID: 9a81a85a47e264c8524d8f7255e330d31e503ea508fe4c4e89fbeb49c64b6e80
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 616f53c1c1a5ee29d2add520433ecf284c314cd881e812c70a75b3f273b81255
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6011E39B18A4292EB0C9B26E86497D63E1FF8DB80FC805B5D95D877A8DE3CE1458700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$DeallocEnsureFromObject_ReleaseU_object@@
                                                                                                                                                                                                                                                      • String ID: SaveCompleted
                                                                                                                                                                                                                                                      • API String ID: 4093839183-2006622397
                                                                                                                                                                                                                                                      • Opcode ID: f4104ee9b264fa95982eb0e7ba8745b25176b618fc40db9593530c4d2db34522
                                                                                                                                                                                                                                                      • Instruction ID: da68294961f176d67da89450e689e4d746efbb8c979dbd6fb86028ca8a200339
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4104ee9b264fa95982eb0e7ba8745b25176b618fc40db9593530c4d2db34522
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C015E3EB08B5292EB088B26E82496D63A0FB84B90F498571DE5D83798DF3CD455C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: a5e7344c7df7af1c22d1b9d3aeb0b02906fd267e2ce5cf8fe6e2180124cbb05e
                                                                                                                                                                                                                                                      • Instruction ID: 9980ec5bdc5d7d398b1b9afe790df8a1d2d782a632182e618204b516d95a8086
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5e7344c7df7af1c22d1b9d3aeb0b02906fd267e2ce5cf8fe6e2180124cbb05e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E241F736608A8186DB58DB08E49472EB7B0FBD5B44F940075E79E87BA8CF7DD881CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: free$ClearErr_LongLong_MemoryVariantmalloc
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2176891292-0
                                                                                                                                                                                                                                                      • Opcode ID: d3b98422f22c8a01cb1c549aa0a33762eb39c38d977fa6c205da2c2532438e27
                                                                                                                                                                                                                                                      • Instruction ID: 513d78069c88b3c935b74b395c4da363bbfb8d28095ecfd7da9ee151bec8f460
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3b98422f22c8a01cb1c549aa0a33762eb39c38d977fa6c205da2c2532438e27
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D215E36B09B8191EB498F16F464A7D77A0EF88F84B184478DB6E47789EE3CE8518700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: 48120cdf797f02399dbac96b29f52db69fe021154118b6418117f04479985125
                                                                                                                                                                                                                                                      • Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48120cdf797f02399dbac96b29f52db69fe021154118b6418117f04479985125
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
                                                                                                                                                                                                                                                      APIs
Similarity
• API ID: Eval_Thread$FreeRestoreSave$Object_Task
• String ID:
• API String ID: 783668138-0
• Opcode ID: 2a91899d05150e13e0db880a3080f8b649e490f06f91fc5ae8790163d9026421
• Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
• Opcode Fuzzy Hash: 2a91899d05150e13e0db880a3080f8b649e490f06f91fc5ae8790163d9026421
• Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
APIs
Memory Dump Source
• Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: af7475641ed73c52048dbe11d42fc1bb689ff7a3ef624c88c990dd8a62f40989
                                                                                                                                                                                                                                                      • Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af7475641ed73c52048dbe11d42fc1bb689ff7a3ef624c88c990dd8a62f40989
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: 820d6485c1b572dbe88501ffbc4fa96cc3d19f051fba35e38e1c8f818ff5b0b7
                                                                                                                                                                                                                                                      • Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 820d6485c1b572dbe88501ffbc4fa96cc3d19f051fba35e38e1c8f818ff5b0b7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: a7524a524d510db184de8c67320380a9ac8b698b885440a96a883d836e445766
                                                                                                                                                                                                                                                      • Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7524a524d510db184de8c67320380a9ac8b698b885440a96a883d836e445766
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: 80e9636e4addcfeee93d01e0838a21b6e8ad91d9349d7261f5d25464bc70adbe
                                                                                                                                                                                                                                                      • Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80e9636e4addcfeee93d01e0838a21b6e8ad91d9349d7261f5d25464bc70adbe
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      • Opcode ID: ceba6d62563a6379fac60d3b3afa6352d36e8d975787c36c3831d34a2241f16e
                                                                                                                                                                                                                                                      • Instruction ID: b36065a9e6766ac058c9c3e0e2c0055fac2fa353a4edbf259db5c8bd8426fc19
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ceba6d62563a6379fac60d3b3afa6352d36e8d975787c36c3831d34a2241f16e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B521E936708A4182E758DB08E49476EB7B0FBC5B44F540075EA9E837A8CF3DD895CB00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
• Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$FreeRestoreSave$Object_Task
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 783668138-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 695671107-2445808733
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 695671107-2445808733
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 695671107-2445808733
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arg_Err_ParseStringTuple
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid$l:Skip
                                                                                                                                                                                                                                                      • API String ID: 385655187-1306879369
                                                                                                                                                                                                                                                      • Opcode ID: ba4ce1c3cc26001e6f54e9ff340dcaeb8876c3d9eb05f9768509cf874c3409c5
                                                                                                                                                                                                                                                      • Instruction ID: 01a2111ea95b79d36a37e351a1a67398f29107d2e7d940fe25f076f4696dfaf9
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba4ce1c3cc26001e6f54e9ff340dcaeb8876c3d9eb05f9768509cf874c3409c5
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04113369B0864292FB0D9B65E46497923E1EF88B84B8941B1C92D473D8DE3CE441C200
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Eval_Thread$Err_RestoreSaveString
                                                                                                                                                                                                                                                      • String ID: The Python object is invalid
                                                                                                                                                                                                                                                      • API String ID: 695671107-2445808733
                                                                                                                                                                                                                                                      • Opcode ID: 9b1e5c274f0a52fd27a019495541032763af67f2712baae29a839784ee2747cd
                                                                                                                                                                                                                                                      • Instruction ID: 2a6c5b78abe1945f2a4cdfd10b5d6ae757263c949506bd7200b2a84299b4dcf2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b1e5c274f0a52fd27a019495541032763af67f2712baae29a839784ee2747cd
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DDF0316DB19A42C2FF0C9B65A8A453D63E1FF18B84B085471CA2D876E8DF2CD0958300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Arg_Err_ParseStringTuple
                                                                                                                                                                                                                                                      • String ID: HOiii:FORMATETC$td must be None
                                                                                                                                                                                                                                                      • API String ID: 385655187-3711422910
                                                                                                                                                                                                                                                      • Opcode ID: 0ea6e1a18ad9822b6dd0516befe3b0a45cf000ef1ce5333c7add702cbd90bca4
                                                                                                                                                                                                                                                      • Instruction ID: e85251a7e6373829ad4b55fd0570cf5b2cbe68cb86f52fe37e12ac1007f51274
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ea6e1a18ad9822b6dd0516befe3b0a45cf000ef1ce5333c7add702cbd90bca4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C0162A6B04B8291FB04CB54E450AA973E0FB44B84F884072D95D877B8EF7CD5D5C710
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Tuple_$DeallocDict_Item
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4030228039-0
                                                                                                                                                                                                                                                      • Opcode ID: 75126bdba81cdd180b33286ac62cedc838fece530eef8bf7169ba2c14301147b
                                                                                                                                                                                                                                                      • Instruction ID: e5efd11173b074a65c2c4a4da306e43b565315e25619ac98b85f1bc1e53e7894
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75126bdba81cdd180b33286ac62cedc838fece530eef8bf7169ba2c14301147b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66414B3A704B4196EB14CF65F96496DB3A4FB88794F458635DAAD437A8DF3CE005C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorEval_InfoThread$CreateRestoreSave
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4101529084-0
                                                                                                                                                                                                                                                      • Opcode ID: cfcb6817ebd44ef5a3b8b0c10cf24590c0509fbadcdd8f52a91cc21044e7d9db
                                                                                                                                                                                                                                                      • Instruction ID: e36a0fb1e971e068a80c436685dc25b63f5e9b828429bbdb41657040cc8d8b3a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfcb6817ebd44ef5a3b8b0c10cf24590c0509fbadcdd8f52a91cc21044e7d9db
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D21C97A704A4182DB049F2AE49452DA771FBC8FD5B658462EF5E47768CE3ED844C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2946946762.00007FFDFA441000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFA440000, based on PE: true
• Associated: 00000001.00000002.2946913655.00007FFDFA440000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947587275.00007FFDFA9DA000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947717904.00007FFDFAB5F000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947759808.00007FFDFAB65000.00000008.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947785124.00007FFDFAB67000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947809766.00007FFDFAB6D000.00000008.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947836050.00007FFDFAB6E000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2947860733.00007FFDFAB72000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfa440000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                                                      • Opcode ID: beceb9d99cd86d4124f4c4e6ac7526b31cb8b8c9be067b383abdb293bdb3ff0d
                                                                                                                                                                                                                                                      • Instruction ID: a735c4e99acc82ceb581095f9e9a023a1eac5fc868935315848bf1a7f4753db2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: beceb9d99cd86d4124f4c4e6ac7526b31cb8b8c9be067b383abdb293bdb3ff0d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75113026B14F018AEB00CF61E8646B833B4F719B58F840E75DA7D86BA8DF78D1A48340
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Err_$Exception$FetchGivenMatchesNormalizeRestore
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2089906250-0
                                                                                                                                                                                                                                                      • Opcode ID: 53ee736984633b283623d2ca35dd044706e998d2c2ea061dfb4dc42915074f85
                                                                                                                                                                                                                                                      • Instruction ID: 5c82e0c11bf4a85a57c483934624b0637faa512557aef02523cf2072f2c9361e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53ee736984633b283623d2ca35dd044706e998d2c2ea061dfb4dc42915074f85
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8010066729A4192EB448F05E4949AAB360FBC5B90F445072EE9E43A98DF3DD545C700
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Global$Size$Bytes_FromLockStringUnlock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 911184104-0
                                                                                                                                                                                                                                                      • Opcode ID: 29b85938cf0b3a91f0d98d1f346e26298622598660a1be10a37f41af03a5a3b4
                                                                                                                                                                                                                                                      • Instruction ID: 57acbd228f5015cb44b4b35f6f183cc400ccb175799363feec3c20e2b5f1243f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29b85938cf0b3a91f0d98d1f346e26298622598660a1be10a37f41af03a5a3b4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAF0FF3DB09A02A6EB589F16E46453C63A0FB48F94B0804B1CF2E873D8DE2CE4909300
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      • PyVARDESC ctor has unknown varkind (%d) - returning None, xrefs: 00007FFDFAC139E4
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Dealloc$BuildFromLongLong_ReferenceValue
                                                                                                                                                                                                                                                      • String ID: PyVARDESC ctor has unknown varkind (%d) - returning None
                                                                                                                                                                                                                                                      • API String ID: 857882782-2090549355
                                                                                                                                                                                                                                                      • Opcode ID: 09f1b1b397e2ababb9029e309dc222d71feba5eb567c9fa76d0930032f86a32b
                                                                                                                                                                                                                                                      • Instruction ID: e13cba223c931199b61a7f5f794bd749c5bef87892fe22966952088a209524a3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09f1b1b397e2ababb9029e309dc222d71feba5eb567c9fa76d0930032f86a32b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0721907AB09A41A6E7588F29D46193C37B0FB08B88B544571DA6E837D8DF3CE4A1CB40
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AttrDeallocObject_String
                                                                                                                                                                                                                                                      • String ID: value
                                                                                                                                                                                                                                                      • API String ID: 2855338292-494360628
                                                                                                                                                                                                                                                      • Opcode ID: 329f5dabfb3af3e27921c76b4f254d2a3cda406b5cdd589a3693cce0bcaa62a3
                                                                                                                                                                                                                                                      • Instruction ID: 7d49d0a65fe32684961aca1c18e638ba031a7e493610ad0940f23cb631fcd67b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 329f5dabfb3af3e27921c76b4f254d2a3cda406b5cdd589a3693cce0bcaa62a3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD019E6AB0564295EB998F26E46073C32E0EF08B98F48C471DB6D863D8DF3CD4928B00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: Commit
                                                                                                                                                                                                                                                      • API String ID: 715727267-1232612251
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: Skip
                                                                                                                                                                                                                                                      • API String ID: 715727267-1480915523
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: ContextSensitiveHelp
                                                                                                                                                                                                                                                      • API String ID: 715727267-4110576620
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: InitNew
                                                                                                                                                                                                                                                      • API String ID: 715727267-2727442622
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: Revert
                                                                                                                                                                                                                                                      • API String ID: 715727267-3951012024
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: ImpersonateClient
                                                                                                                                                                                                                                                      • API String ID: 715727267-2247024987
                                                                                                                                                                                                                                                      • Opcode ID: 32efda8d082c7b17451cd9707033824ed3465b7637c454f25efe1f3b3f68347e
                                                                                                                                                                                                                                                      • Instruction ID: 7e497fe2ea51ee8842130fbd42d1f60959275c7fdd059c89feac6a073b537ce8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32efda8d082c7b17451cd9707033824ed3465b7637c454f25efe1f3b3f68347e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6E09226F2475192EB045B79F498A6C63E0FB4CB84F455030DA1987648DD38C4898700
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: InitNew
                                                                                                                                                                                                                                                      • API String ID: 715727267-2727442622
                                                                                                                                                                                                                                                      • Opcode ID: 5fd2c5972e1855b30a111cf3b688e0f57dbf539a87d9a5a3d447952757edb853
                                                                                                                                                                                                                                                      • Instruction ID: 0f1abcf0226cb11ecabfb0e7c19191ea2a379dadb2643e372bc44b34b337943f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5fd2c5972e1855b30a111cf3b688e0f57dbf539a87d9a5a3d447952757edb853
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0E09226B14641D2FB145B79F458E6C63A0FB4CB94F855034DE1987648DE38C4898700
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: Reset
                                                                                                                                                                                                                                                      • API String ID: 715727267-2438762569
                                                                                                                                                                                                                                                      • Opcode ID: 4785bdd762219671f94352680cd682db7f155cbab4864aa85b1894574415fc8d
                                                                                                                                                                                                                                                      • Instruction ID: cdabe090184b82bc920382722fc1aa463204dcd7cfa6521dcb7e905111333b0d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4785bdd762219671f94352680cd682db7f155cbab4864aa85b1894574415fc8d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17E09226B2465192EB045B79F498A6C63A0FB9CB84F855030DE5987648DD38C4498700
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000001.00000002.2947952810.00007FFDFABC1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2947925633.00007FFDFABC0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948064051.00007FFDFAC1E000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948106543.00007FFDFAC51000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948150812.00007FFDFAC5C000.00000008.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948190664.00007FFDFAC5D000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000001.00000002.2948219406.00007FFDFAC66000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfabc0000_UpdaterTool.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: State_$EnsureRelease
                                                                                                                                                                                                                                                      • String ID: TestCancel
                                                                                                                                                                                                                                                      • API String ID: 715727267-2667677955
                                                                                                                                                                                                                                                      • Opcode ID: 72a07e46d1725cc4311d63012877321eae4685f0f2c13b376de30b10d1e6beb8
                                                                                                                                                                                                                                                      • Instruction ID: cb2d4bb32a4676e222493941da3eb22cbe23cb8885d5c7f7e820f6ed0832b537
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72a07e46d1725cc4311d63012877321eae4685f0f2c13b376de30b10d1e6beb8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13E09226B2465192EB049B79F498E6C63A0FB4CB84F855030DE1987648DD38C4898700